Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 9.0.10Report Generated On : Tue, 25 Jun 2024 18:45:46 GMTDependencies Scanned : 741 (546 unique)Vulnerable Dependencies : 82 Vulnerabilities Found : 442Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-06-25T18:45:08ZNVD API Last Modified : 2024-06-25T18:15:12ZSummary Display:
Showing Vulnerable Dependencies (click to show all) * indicates the dependency has a known exploited vulnerability
HikariCP-4.0.3.jarDescription:
Ultimate JDBC Connection Pool License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256: 7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-schedule-core:compile shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-native-distribution:compile shardingsphere-data-pipeline-core:compile shardingsphere-proxy-backend-core:compile HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name HikariCP High Vendor jar package name pool Highest Vendor jar package name zaxxer Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/brettwooldridge Low Vendor Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid HikariCP Highest Vendor pom artifactid HikariCP Low Vendor pom developer email brett.wooldridge@gmail.com Low Vendor pom developer name Brett Wooldridge Medium Vendor pom groupid com.zaxxer Highest Vendor pom name HikariCP High Vendor pom organization name Zaxxer.com High Vendor pom organization url brettwooldridge Medium Vendor pom url brettwooldridge/HikariCP Highest Product file name HikariCP High Product jar package name 11 Highest Product jar package name pool Highest Product jar package name zaxxer Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/brettwooldridge Low Product Manifest Bundle-Name HikariCP Medium Product Manifest bundle-symbolicname com.zaxxer.HikariCP Medium Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid HikariCP Highest Product pom developer email brett.wooldridge@gmail.com Low Product pom developer name Brett Wooldridge Low Product pom groupid com.zaxxer Highest Product pom name HikariCP High Product pom organization name Zaxxer.com Low Product pom url brettwooldridge High Product pom url brettwooldridge/HikariCP High Version file version 4.0.3 High Version Manifest Bundle-Version 4.0.3 High Version pom version 4.0.3 Highest
ST4-4.3.jarDescription:
StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also powers the ANTLR 3 and 4 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
File Path: /home/runner/.m2/repository/org/antlr/ST4/4.3/ST4-4.3.jarMD5: efd60d8dabda5630627d385d7771d460SHA1: 92f2c1ad8d84abcbeead6cf7f2c53a04166293c2SHA256: 28547dba48cfceb77b6efbfe069aebe9ed3324ae60dbd52093d13a1d636ed069Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:providedST4-4.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name ST4 High Vendor jar package name stringtemplate Highest Vendor jar package name stringtemplate Low Vendor jar package name v4 Low Vendor pom artifactid ST4 Highest Vendor pom artifactid ST4 Low Vendor pom groupid org.antlr Highest Vendor pom name StringTemplate 4 High Product file name ST4 High Product jar package name stringtemplate Highest Product jar package name v4 Low Product pom artifactid ST4 Highest Product pom groupid org.antlr Highest Product pom name StringTemplate 4 High Version file version 4.3 High Version pom version 4.3 Highest
accessors-smart-2.4.9.jar activation-1.1.jarDescription:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html File Path: /home/runner/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256: 2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
activation-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name activation High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid activation Highest Vendor pom artifactid activation Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans Activation Framework (JAF) High Vendor pom url http://java.sun.com/products/javabeans/jaf/index.jsp Highest Product file name activation High Product jar package name activation Highest Product jar package name javax Highest Product Manifest extension-name javax.activation Medium Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product pom artifactid activation Highest Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework (JAF) High Product pom url http://java.sun.com/products/javabeans/jaf/index.jsp Medium Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
aggdesigner-algorithm-6.0.jar annotations-13.0.jarDescription:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256: ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-agent-distribution:compile annotations-13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.9.10 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.9.10 Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name intellij Highest Vendor jar package name intellij Low Vendor jar package name jetbrains Highest Vendor jar package name lang Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL http://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name IntelliJ IDEA Annotations High Vendor pom url http://www.jetbrains.org Highest Product file name annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name intellij Highest Product jar package name jetbrains Highest Product jar package name lang Low Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL http://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name IntelliJ IDEA Annotations High Product pom url http://www.jetbrains.org Medium Version file version 13.0 High Version pom version 13.0 Highest
annotations-17.0.0.jarDescription:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/jetbrains/annotations/17.0.0/annotations-17.0.0.jar
MD5: 7b06437ed47fa7b4a8ec8909f4fb9022
SHA1: 8ceead41f4e71821919dbdb7a9847608f1a938cb
SHA256: 195fb0da046d55bb042e91543484cf1da68b02bb7afbfe031f229e45ac84b3f2
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile annotations-17.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.testcontainers/testcontainers@1.19.3 pkg:maven/org.testcontainers/testcontainers@1.19.3 pkg:maven/org.testcontainers/testcontainers@1.19.3 pkg:maven/org.testcontainers/testcontainers@1.19.3 Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotations Highest Vendor jar package name jetbrains Highest Vendor Manifest automatic-module-name org.jetbrains.annotations Medium Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name JetBrains Java Annotations High Vendor pom url JetBrains/java-annotations Highest Product file name annotations High Product jar package name annotations Highest Product jar package name jetbrains Highest Product Manifest automatic-module-name org.jetbrains.annotations Medium Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name JetBrains Java Annotations High Product pom url JetBrains/java-annotations High Version file version 17.0.0 High Version pom version 17.0.0 Highest
antlr-runtime-3.5.2.jarDescription:
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. File Path: /home/runner/.m2/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jarMD5: 1fbbae2cb72530207c20b797bdabd029SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afdSHA256: ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734Referenced In Projects/Scopes:
shardingsphere-infra-database-hive:provided shardingsphere-transaction-base-seata-at:provided antlr-runtime-3.5.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0 pkg:maven/org.apache.hive/hive-jdbc@3.1.3 Evidence Type Source Name Value Confidence Vendor file name antlr-runtime High Vendor jar package name antlr Highest Vendor jar package name runtime Highest Vendor Manifest Implementation-Vendor ANTLR High Vendor Manifest Implementation-Vendor-Id org.antlr Medium Vendor pom artifactid antlr-runtime Highest Vendor pom artifactid antlr-runtime Low Vendor pom developer email jimi@temporal-wave.com Low Vendor pom developer email parrt@antlr.org Low Vendor pom developer name Jim Idle Medium Vendor pom developer name Terence Parr Medium Vendor pom developer org Temporal Wave LLC Medium Vendor pom developer org USFCA Medium Vendor pom developer org URL http://www.cs.usfca.edu Medium Vendor pom developer org URL http://www.temporal-wave.com Medium Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 3 Runtime High Vendor pom parent-artifactid antlr-master Low Vendor pom url http://www.antlr.org Highest Product file name antlr-runtime High Product jar package name antlr Highest Product jar package name runtime Highest Product Manifest Implementation-Title ANTLR 3 Runtime High Product pom artifactid antlr-runtime Highest Product pom developer email jimi@temporal-wave.com Low Product pom developer email parrt@antlr.org Low Product pom developer name Jim Idle Low Product pom developer name Terence Parr Low Product pom developer org Temporal Wave LLC Low Product pom developer org USFCA Low Product pom developer org URL http://www.cs.usfca.edu Low Product pom developer org URL http://www.temporal-wave.com Low Product pom groupid org.antlr Highest Product pom name ANTLR 3 Runtime High Product pom parent-artifactid antlr-master Medium Product pom url http://www.antlr.org Medium Version file version 3.5.2 High Version Manifest Implementation-Version 3.5.2 High Version pom version 3.5.2 Highest
antlr4-4.8.jarDescription:
The ANTLR 4 grammar compiler. File Path: /home/runner/.m2/repository/org/antlr/antlr4/4.8/antlr4-4.8.jarMD5: a374dbfb589aaf09abebfe017f2f807aSHA1: c5902f3079595a5e73dd6b008340a8197ee1aedaSHA256: 6e4477689371f237d4d8aa40642badbb209d4628ccdd81234d90f829a743bac8Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:providedantlr4-4.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name antlr4 High Vendor jar package name antlr Highest Vendor jar package name grammar Highest Vendor jar package name tool Highest Vendor Manifest implementation-url http://www.antlr.org Low Vendor Manifest Implementation-Vendor ANTLR High Vendor Manifest Implementation-Vendor-Id org.antlr Medium Vendor pom artifactid antlr4 Highest Vendor pom artifactid antlr4 Low Vendor pom groupid org.antlr Highest Vendor pom name ANTLR 4 Tool High Vendor pom parent-artifactid antlr4-master Low Vendor pom url http://www.antlr.org Highest Product file name antlr4 High Product jar package name antlr Highest Product jar package name grammar Highest Product jar package name tool Highest Product Manifest Implementation-Title ANTLR 4 Tool High Product Manifest implementation-url http://www.antlr.org Low Product pom artifactid antlr4 Highest Product pom groupid org.antlr Highest Product pom name ANTLR 4 Tool High Product pom parent-artifactid antlr4-master Medium Product pom url http://www.antlr.org Medium Version file version 4.8 High Version Manifest Implementation-Version 4.8 High Version pom version 4.8 Highest
antlr4-runtime-4.10.1.jar aopalliance-1.0.jarDescription:
AOP Alliance License:
Public Domain File Path: /home/runner/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes: shardingsphere-infra-database-hive:provided shardingsphere-transaction-base-seata-at:provided aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0 pkg:maven/org.apache.hive/hive-jdbc@3.1.3 Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aop Highest Vendor jar package name aopalliance Highest Vendor jar package name aopalliance Low Vendor jar package name intercept Low Vendor pom artifactid aopalliance Highest Vendor pom artifactid aopalliance Low Vendor pom groupid aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Product file name aopalliance High Product jar package name aop Highest Product jar package name aopalliance Highest Product jar package name intercept Low Product pom artifactid aopalliance Highest Product pom groupid aopalliance Highest Product pom name AOP alliance High Product pom url http://aopalliance.sourceforge.net Medium Version file version 1.0 High Version pom version 1.0 Highest
aopalliance-repackaged-2.5.0-b32.jarDescription:
Dependency Injection Kernel License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.5.0-b32/aopalliance-repackaged-2.5.0-b32.jar
MD5: 99809f55109881865ce8b47f03522fb6
SHA1: 6af37c3f8ec6f9e9653ec837eb508da28ce443cd
SHA256: 32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
aopalliance-repackaged-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name aopalliance-repackaged High Vendor jar package name aopalliance Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor pom artifactid aopalliance-repackaged Highest Vendor pom artifactid aopalliance-repackaged Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name aopalliance version repackaged as a module High Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name aopalliance-repackaged High Product jar package name aopalliance Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product pom artifactid aopalliance-repackaged Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name aopalliance version repackaged as a module High Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.5.0-b32 Highest
apache-curator-2.12.0.pomDescription:
Curator is a set of Java libraries that make using Apache ZooKeeper much easier.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/curator/apache-curator/2.12.0/apache-curator-2.12.0.pom
MD5: afc27d6742f38613eb3053f826a8dd9f
SHA1: 0b1ff6ce0741facb15217ae9254ee7167bc7b15e
SHA256: be25c26d122093bcc625b4cfdfc017583814bd7640c0758de1a5c5de4b0c4919
apache-curator-2.12.0.pom is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name apache-curator High Vendor pom artifactid apache-curator Low Vendor pom developer email cammckenzie@apache.org Low Vendor pom developer email cheddar@apache.org Low Vendor pom developer email dragonsinth@apache.org Low Vendor pom developer email enis@apache.org Low Vendor pom developer email iocanel@apache.org Low Vendor pom developer email lresende@apache.org Low Vendor pom developer email mahadev@apache.org Low Vendor pom developer email mdrob@apache.org Low Vendor pom developer email phunt1@gmail.com Low Vendor pom developer email randgalt@apache.org Low Vendor pom developer email zarfide@apache.org Low Vendor pom developer id cammckenzie Medium Vendor pom developer id cheddar Medium Vendor pom developer id dragonsinth Medium Vendor pom developer id iocanel Medium Vendor pom developer id mdrob Medium Vendor pom developer id randgalt Medium Vendor pom developer id zarfide Medium Vendor pom developer name Cameron McKenzie Medium Vendor pom developer name Enis Söztutar Medium Vendor pom developer name Eric Tschetter Medium Vendor pom developer name Ioannis Canellos Medium Vendor pom developer name Jay Zarfoss Medium Vendor pom developer name Jordan Zimmerman Medium Vendor pom developer name Luciano Resende Medium Vendor pom developer name Mahadev Konar Medium Vendor pom developer name Mike Drob Medium Vendor pom developer name Patrick Hunt Medium Vendor pom developer name Scott Blum Medium Vendor pom groupid org.apache.curator Highest Vendor pom name Apache Curator High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://www.apache.org/ Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://curator.apache.org Highest Product file name apache-curator High Product pom artifactid apache-curator Highest Product pom developer email cammckenzie@apache.org Low Product pom developer email cheddar@apache.org Low Product pom developer email dragonsinth@apache.org Low Product pom developer email enis@apache.org Low Product pom developer email iocanel@apache.org Low Product pom developer email lresende@apache.org Low Product pom developer email mahadev@apache.org Low Product pom developer email mdrob@apache.org Low Product pom developer email phunt1@gmail.com Low Product pom developer email randgalt@apache.org Low Product pom developer email zarfide@apache.org Low Product pom developer id cammckenzie Low Product pom developer id cheddar Low Product pom developer id dragonsinth Low Product pom developer id iocanel Low Product pom developer id mdrob Low Product pom developer id randgalt Low Product pom developer id zarfide Low Product pom developer name Cameron McKenzie Low Product pom developer name Enis Söztutar Low Product pom developer name Eric Tschetter Low Product pom developer name Ioannis Canellos Low Product pom developer name Jay Zarfoss Low Product pom developer name Jordan Zimmerman Low Product pom developer name Luciano Resende Low Product pom developer name Mahadev Konar Low Product pom developer name Mike Drob Low Product pom developer name Patrick Hunt Low Product pom developer name Scott Blum Low Product pom groupid org.apache.curator Highest Product pom name Apache Curator High Product pom organization name The Apache Software Foundation Low Product pom organization url http://www.apache.org/ Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://curator.apache.org Medium Version file version 2.12.0 High Version pom parent-version 2.12.0 Low Version pom version 2.12.0 Highest
apache-jsp-9.3.20.v20170531.jarDescription:
Jetty-specific ServletContainerInitializer for Jasper License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/apache-jsp/9.3.20.v20170531/apache-jsp-9.3.20.v20170531.jar
MD5: f2fbbd854f5e212b0ccd601a8a8df808
SHA1: dc1b4b9e4b9bd756f25eeba8c8de4b10942ce79f
SHA256: 4d67c749aeafb7096d8e2d84f575743eb2757b54ea8fbb911c8c2bfc71b48d5f
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
apache-jsp-9.3.20.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name apache-jsp High Vendor jar package name apache Highest Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name jsp Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="javax.servlet.ServletContainerInitializer" Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid apache-jsp Highest Vendor pom artifactid apache-jsp Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Apache JSP Implementation High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://www.eclipse.org/jetty Highest Product file name apache-jsp High Product jar package name apache Highest Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name jsp Highest Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Jetty :: Apache JSP Implementation Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="javax.servlet.ServletContainerInitializer" Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid apache-jsp Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Apache JSP Implementation High Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version file version 9.3.20.v20170531 High Version Manifest Bundle-Version 9.3.20.v20170531 High Version Manifest Implementation-Version 9.3.20.v20170531 High Version pom version 9.3.20.v20170531 Highest
CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
apache-jstl-9.3.20.v20170531.jarDescription:
Jetty module for Apache :: JSTL module License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/apache-jstl/9.3.20.v20170531/apache-jstl-9.3.20.v20170531.jar
MD5: b36ea2d4dfdb0617a56fd494b1fa1653
SHA1: d754d019896247a7c1309554a30faa66ce9f4336
SHA256: 6bb660d98555ed44b6710af7ca179bc6328fadfaca17b054d9eafe8276bb9c1b
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
apache-jstl-9.3.20.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name apache-jstl High Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.apache.jstl Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid apache-jstl Highest Vendor pom artifactid apache-jstl Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Apache :: JSTL module High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://tomcat.apache.org/taglibs/standard/ Highest Product file name apache-jstl High Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Apache :: JSTL module Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.apache.jstl Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid apache-jstl Highest Product pom groupid org.eclipse.jetty Highest Product pom name Apache :: JSTL module High Product pom parent-artifactid jetty-project Medium Product pom url http://tomcat.apache.org/taglibs/standard/ Medium Version file version 9.3.20.v20170531 High Version Manifest Bundle-Version 9.3.20.v20170531 High Version Manifest Implementation-Version 9.3.20.v20170531 High Version pom version 9.3.20.v20170531 Highest
CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
apacheds-i18n-2.0.0-M15.jarDescription:
Internationalization of errors and other messages License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/directory/server/apacheds-i18n/2.0.0-M15/apacheds-i18n-2.0.0-M15.jar
MD5: f5877c02fd56ade67713560e589c81b9
SHA1: 71c61c84683152ec2a6a65f3f96fe534e304fa22
SHA256: bd3b7cece7fc6364cbce32b9edd0e9628a3e889c6a93cdeff1b5e2131e2a007c
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
apacheds-i18n-2.0.0-M15.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name apacheds-i18n High Vendor jar package name apache Highest Vendor jar package name directory Highest Vendor jar package name i18n Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.directory.server.i18n Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.directory.server Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid apacheds-i18n Highest Vendor pom artifactid apacheds-i18n Low Vendor pom groupid org.apache.directory.server Highest Vendor pom name ApacheDS I18n High Vendor pom parent-artifactid apacheds-parent Low Product file name apacheds-i18n High Product jar package name apache Highest Product jar package name directory Highest Product jar package name i18n Highest Product jar package name server Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name ApacheDS I18n Medium Product Manifest bundle-symbolicname org.apache.directory.server.i18n Medium Product Manifest Implementation-Title ApacheDS I18n High Product Manifest specification-title ApacheDS I18n Medium Product pom artifactid apacheds-i18n Highest Product pom groupid org.apache.directory.server Highest Product pom name ApacheDS I18n High Product pom parent-artifactid apacheds-parent Medium Version Manifest Implementation-Version 2.0.0-M15 High Version pom version 2.0.0-M15 Highest
apacheds-kerberos-codec-2.0.0-M15.jarDescription:
The Kerberos protocol encoder/decoder module License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/directory/server/apacheds-kerberos-codec/2.0.0-M15/apacheds-kerberos-codec-2.0.0-M15.jar
MD5: 3118e22eac44e150c383df1d417772f4
SHA1: 1c16e4e477183641c5f0dd5cdecd27ec331bacb5
SHA256: 4996f5b72497e94dd86d64a370158c4fb0049eea9b17ff8b27a4671d6c136ded
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
apacheds-kerberos-codec-2.0.0-M15.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name apacheds-kerberos-codec High Vendor jar package name apache Highest Vendor jar package name directory Highest Vendor jar package name kerberos Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.directory.server.kerberos.codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.directory.server Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid apacheds-kerberos-codec Highest Vendor pom artifactid apacheds-kerberos-codec Low Vendor pom groupid org.apache.directory.server Highest Vendor pom name ApacheDS Protocol Kerberos Codec High Vendor pom parent-artifactid apacheds-parent Low Product file name apacheds-kerberos-codec High Product jar package name apache Highest Product jar package name directory Highest Product jar package name kerberos Highest Product jar package name server Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name ApacheDS Protocol Kerberos Codec Medium Product Manifest bundle-symbolicname org.apache.directory.server.kerberos.codec Medium Product Manifest Implementation-Title ApacheDS Protocol Kerberos Codec High Product Manifest specification-title ApacheDS Protocol Kerberos Codec Medium Product pom artifactid apacheds-kerberos-codec Highest Product pom groupid org.apache.directory.server Highest Product pom name ApacheDS Protocol Kerberos Codec High Product pom parent-artifactid apacheds-parent Medium Version Manifest Implementation-Version 2.0.0-M15 High Version pom version 2.0.0-M15 Highest
api-asn1-api-1.0.0-M20.jarDescription:
ASN.1 API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/directory/api/api-asn1-api/1.0.0-M20/api-asn1-api-1.0.0-M20.jar
MD5: cf4561832dab76e9f37461342ec18d17
SHA1: 5e6486ffa3125ba44dc410ead166e1d6ba8ac76d
SHA256: 484aaf4b888b0eb699d95bea265c2d5b6ebec951d70e5c5f7691cd52dd4c8298
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
api-asn1-api-1.0.0-M20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name api-asn1-api High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name asn1 Highest Vendor jar package name directory Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.directory.api.asn1.api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.directory.api Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid api-asn1-api Highest Vendor pom artifactid api-asn1-api Low Vendor pom groupid org.apache.directory.api Highest Vendor pom name Apache Directory API ASN.1 API High Vendor pom parent-artifactid api-asn1-parent Low Product file name api-asn1-api High Product jar package name apache Highest Product jar package name api Highest Product jar package name asn1 Highest Product jar package name directory Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Directory API ASN.1 API Medium Product Manifest bundle-symbolicname org.apache.directory.api.asn1.api Medium Product Manifest Implementation-Title Apache Directory API ASN.1 API High Product Manifest specification-title Apache Directory API ASN.1 API Medium Product pom artifactid api-asn1-api Highest Product pom groupid org.apache.directory.api Highest Product pom name Apache Directory API ASN.1 API High Product pom parent-artifactid api-asn1-parent Medium Version Manifest Implementation-Version 1.0.0-M20 High Version pom version 1.0.0-M20 Highest
api-util-1.0.0-M20.jarDescription:
Utilities shared across this top level project License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/directory/api/api-util/1.0.0-M20/api-util-1.0.0-M20.jar
MD5: 2c5a6722666882024becdd64301be492
SHA1: a871abf060b3cf83fc6dc4d7e3d151fce50ac3cb
SHA256: fd32fd047ccf143c58d093b58811aa81e539f8cf83c1187809f1a241a1df12d1
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
api-util-1.0.0-M20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name api-util High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name directory Highest Vendor jar package name util Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.directory.api.util Medium Vendor pom artifactid api-util Highest Vendor pom artifactid api-util Low Vendor pom groupid org.apache.directory.api Highest Vendor pom name Apache Directory LDAP API Utilities High Vendor pom parent-artifactid api-parent Low Product file name api-util High Product jar package name apache Highest Product jar package name api Highest Product jar package name directory Highest Product jar package name util Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Directory LDAP API Utilities Medium Product Manifest bundle-symbolicname org.apache.directory.api.util Medium Product pom artifactid api-util Highest Product pom groupid org.apache.directory.api Highest Product pom name Apache Directory LDAP API Utilities High Product pom parent-artifactid api-parent Medium Version pom version 1.0.0-M20 Highest
CVE-2018-1337 suppress
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request). CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
apiguardian-api-1.1.2.jar arjuna-5.12.7.Final.jarDescription:
Narayana: ArjunaCore Arjuna File Path: /home/runner/.m2/repository/org/jboss/narayana/arjunacore/arjuna/5.12.7.Final/arjuna-5.12.7.Final.jarMD5: 6afb2f988fc993b14be862983032d84aSHA1: d4ff5f6f6864ffaf22ec5e68a60436854798c2f9SHA256: 1f3cec6f61ae44e428d3be694bcc087a25bbec202d8b96c271b633d33bbb6d98Referenced In Projects/Scopes:
shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile arjuna-5.12.7.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final Evidence Type Source Name Value Confidence Vendor file name arjuna High Vendor jar package name arjuna Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest implementation-url http://www.jboss.org/ Low Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High Vendor Manifest Implementation-Vendor-Id http://www.jboss.org/ Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid arjuna Highest Vendor pom artifactid arjuna Low Vendor pom groupid org.jboss.narayana.arjunacore Highest Vendor pom name Narayana: ArjunaCore arjuna High Vendor pom parent-artifactid arjunacore-all Low Product file name arjuna High Product jar package name arjuna Highest Product Manifest build-jdk-spec 11 Low Product Manifest Implementation-Title Narayana: ArjunaCore arjuna High Product Manifest implementation-url http://www.jboss.org/ Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Narayana: ArjunaCore arjuna Medium Product pom artifactid arjuna Highest Product pom groupid org.jboss.narayana.arjunacore Highest Product pom name Narayana: ArjunaCore arjuna High Product pom parent-artifactid arjunacore-all Medium Version Manifest Implementation-Version 5.12.7.Final High Version pom version 5.12.7.Final Highest
asm-3.1.jarFile Path: /home/runner/.m2/repository/asm/asm/3.1/asm-3.1.jarMD5: b9b8d2d556f9458aac8c463fd511f86dSHA1: c157def142714c544bdea2e6144645702adf7097SHA256: 333ff5369043975b7e031b8b27206937441854738e038c1f47f98d072a20437aReferenced In Project/Scope: shardingsphere-infra-database-hive:providedasm-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom groupid asm Highest Vendor pom name ASM Core High Vendor pom parent-artifactid asm-parent Low Product file name asm High Product jar package name asm Highest Product Manifest Implementation-Title ASM High Product pom artifactid asm Highest Product pom groupid asm Highest Product pom name ASM Core High Product pom parent-artifactid asm-parent Medium Version file version 3.1 High Version Manifest Implementation-Version 3.1 High Version pom version 3.1 Highest
asm-9.3.jar asm-commons-5.0.1.jarFile Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/5.0.1/asm-commons-5.0.1.jarMD5: 6b6ec238db815d6041bd1cea62eacc06SHA1: 7b7147a390a93a14d2edfdcf3f7b0e87a0939c3eSHA256: fb1cb7fa27d892712ced8fbf8d027eb5052ecd3999dba1ba47824357accb40e7Referenced In Project/Scope: shardingsphere-infra-database-hive:providedasm-commons-5.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name asm-commons High Vendor jar package name asm Highest Vendor jar package name commons Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.objectweb.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor pom artifactid asm-commons Highest Vendor pom artifactid asm-commons Low Vendor pom groupid org.ow2.asm Highest Vendor pom name ASM Commons High Vendor pom parent-artifactid asm-parent Low Product file name asm-commons High Product jar package name asm Highest Product jar package name commons Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.objectweb.org Low Product Manifest Bundle-Name ASM commons classes Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product Manifest Implementation-Title ASM commons classes High Product pom artifactid asm-commons Highest Product pom groupid org.ow2.asm Highest Product pom name ASM Commons High Product pom parent-artifactid asm-parent Medium Version file version 5.0.1 High Version Manifest Bundle-Version 5.0.1 High Version Manifest Implementation-Version 5.0.1 High Version pom version 5.0.1 Highest
asm-tree-5.0.1.jarFile Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/5.0.1/asm-tree-5.0.1.jarMD5: 5924c798a4e14d0192f1a6f33f726c2cSHA1: 1b1e6e9d869acd704056d0a4223071a511c619e6SHA256: ff2aceed10da9930a44f6c8f81c6372d5e55eb59c4e0ea9d37f77dfd765fa9faReferenced In Project/Scope: shardingsphere-infra-database-hive:providedasm-tree-5.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.objectweb.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor pom artifactid asm-tree Highest Vendor pom artifactid asm-tree Low Vendor pom groupid org.ow2.asm Highest Vendor pom name ASM Tree High Vendor pom parent-artifactid asm-parent Low Product file name asm-tree High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.objectweb.org Low Product Manifest Bundle-Name ASM Tree class visitor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product Manifest Implementation-Title ASM Tree class visitor High Product pom artifactid asm-tree Highest Product pom groupid org.ow2.asm Highest Product pom name ASM Tree High Product pom parent-artifactid asm-parent Medium Version file version 5.0.1 High Version Manifest Bundle-Version 5.0.1 High Version Manifest Implementation-Version 5.0.1 High Version pom version 5.0.1 Highest
atomikos-util-6.0.0.jarFile Path: /home/runner/.m2/repository/com/atomikos/atomikos-util/6.0.0/atomikos-util-6.0.0.jarMD5: 555f508cae8ff9e096dfda46ba511c41SHA1: dafeb49d4b1e86ef060a0e272ef922558ae24340SHA256: d70cdbeb3fc6d3fab10dc06371b371a0c8c5f7216c6bc51e92817251567c68b2Referenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile atomikos-util-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/com.atomikos/transactions@6.0.0 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/com.atomikos/transactions@6.0.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name atomikos-util High Vendor jar package name atomikos Highest Vendor jar package name atomikos Low Vendor jar package name util Highest Vendor pom artifactid atomikos-util Highest Vendor pom artifactid atomikos-util Low Vendor pom groupid com.atomikos Highest Vendor pom name Atomikos Util High Vendor pom parent-artifactid ate Low Product file name atomikos-util High Product jar package name atomikos Highest Product jar package name util Highest Product pom artifactid atomikos-util Highest Product pom groupid com.atomikos Highest Product pom name Atomikos Util High Product pom parent-artifactid ate Medium Version file version 6.0.0 High Version pom version 6.0.0 Highest
audience-annotations-0.12.0.jarDescription:
Annotations for defining API boundaries and tools for managing javadocs File Path: /home/runner/.m2/repository/org/apache/yetus/audience-annotations/0.12.0/audience-annotations-0.12.0.jarMD5: 76ba71bbe18c4724d96bec68bbe12ff1SHA1: e0efa60318229590103e31c69ebdaae56d903644SHA256: ffb101fc066360ff3c77457c927fd7967fb096a6ee9e046ab7071447d8208efcReferenced In Projects/Scopes:
shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile audience-annotations-0.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name audience-annotations High Vendor jar package name apache Highest Vendor jar package name audience Highest Vendor jar package name tools Highest Vendor jar package name yetus Highest Vendor Manifest implementation-url https://yetus.apache.org/audience-annotations Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.yetus Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid audience-annotations Highest Vendor pom artifactid audience-annotations Low Vendor pom groupid org.apache.yetus Highest Vendor pom name Apache Yetus - Audience Annotations High Vendor pom parent-artifactid yetus-project Low Product file name audience-annotations High Product jar package name apache Highest Product jar package name audience Highest Product jar package name tools Highest Product jar package name yetus Highest Product Manifest Implementation-Title Apache Yetus - Audience Annotations High Product Manifest implementation-url https://yetus.apache.org/audience-annotations Low Product Manifest specification-title Apache Yetus - Audience Annotations Medium Product pom artifactid audience-annotations Highest Product pom groupid org.apache.yetus Highest Product pom name Apache Yetus - Audience Annotations High Product pom parent-artifactid yetus-project Medium Version file version 0.12.0 High Version Manifest Implementation-Version 0.12.0 High Version pom version 0.12.0 Highest
avatica-core-1.23.0.jar avro-1.8.2.jar (shaded: com.google.guava:guava:11.0.2)Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
This project is a complete packaging of all the Guava libraries
into a single jar. Individual portions of Guava can be used
by downloading the appropriate module and its dependencies.
Guava (complete) has only one code dependency - javax.annotation,
per the JSR-305 spec.
File Path: /home/runner/.m2/repository/org/apache/avro/avro/1.8.2/avro-1.8.2.jar/META-INF/maven/com.google.guava/guava/pom.xmlMD5: 07a0a23085fd6bbb576acc145ee549dcSHA1: 906d56dcbd43343b6ca42188ae18ba98dc6c2fdfSHA256: dade5f381a729bbc6a4e2f8d0832888f946fd3c294e05fc30bd200718ecf4c73Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version pom version 11.0.2 Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
avro-1.8.2.jar (shaded: org.apache.avro:avro-guava-dependencies:1.8.2)Description:
Temporary artifact of guava dependencies File Path: /home/runner/.m2/repository/org/apache/avro/avro/1.8.2/avro-1.8.2.jar/META-INF/maven/org.apache.avro/avro-guava-dependencies/pom.xmlMD5: 1117ab0e3aa409849f56cb09776d930eSHA1: 23d4a56f8c32dbfd25bf866f626ebfa4a65e7fcfSHA256: d0b0d846cc6327f8c4845d56f4471603287eb83ce2e116fa79795042761c2486Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid avro-guava-dependencies Low Vendor pom groupid org.apache.avro Highest Vendor pom name Apache Avro Guava Dependencies High Vendor pom parent-artifactid avro-parent Low Vendor pom url http://avro.apache.org Highest Product pom artifactid avro-guava-dependencies Highest Product pom groupid org.apache.avro Highest Product pom name Apache Avro Guava Dependencies High Product pom parent-artifactid avro-parent Medium Product pom url http://avro.apache.org Medium Version pom version 1.8.2 Highest
CVE-2023-37475 suppress
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
avro-1.8.2.jarDescription:
Avro core components License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/avro/avro/1.8.2/avro-1.8.2.jar
MD5: 10395e5a571e1a1f6113411f276d2fea
SHA1: 91e3146dfff4bd510181032c8276a3a0130c0697
SHA256: f754a0830ce67a5a9fa67a54ec15d103ef15e1c850d7b26faf7b647eeddc82d3
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
avro-1.8.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name avro High Vendor jar package name apache Highest Vendor jar package name avro Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname avro Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.avro Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid avro Highest Vendor pom artifactid avro Low Vendor pom groupid org.apache.avro Highest Vendor pom name Apache Avro High Vendor pom parent-artifactid avro-parent Low Vendor pom url http://avro.apache.org Highest Product file name avro High Product jar package name apache Highest Product jar package name avro Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Avro Medium Product Manifest bundle-symbolicname avro Medium Product Manifest Implementation-Title Apache Avro High Product Manifest specification-title Apache Avro Medium Product pom artifactid avro Highest Product pom groupid org.apache.avro Highest Product pom name Apache Avro High Product pom parent-artifactid avro-parent Medium Product pom url http://avro.apache.org Medium Version file version 1.8.2 High Version Manifest Bundle-Version 1.8.2 High Version Manifest Implementation-Version 1.8.2 High Version pom version 1.8.2 Highest
CVE-2023-39410 (OSSINDEX) suppress
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.avro:avro:1.8.2:*:*:*:*:*:*:* bcpkix-jdk15on-1.70.jarDescription:
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/runner/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.70/bcpkix-jdk15on-1.70.jar
MD5: 2c383f50d41937eae4fd32c35d8668cd
SHA1: f81e5af49571a9d5a109a88f239a73ce87055417
SHA256: e5b9cb821df57f70b0593358e89c0e8d7266515da9d088af6c646f63d433c07c
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile bcpkix-jdk15on-1.70.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name bcpkix-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name cmp Highest Vendor jar package name cms Highest Vendor jar package name crmf Highest Vendor jar package name eac Highest Vendor jar package name ocsp Highest Vendor jar package name pkcs Highest Vendor jar package name pkix Highest Vendor jar package name tsp Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle PKIX API Medium Vendor Manifest automatic-module-name org.bouncycastle.pkix Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcpkix Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcpkix Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcpkix-jdk15on Highest Vendor pom artifactid bcpkix-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcpkix-jdk15on High Product jar package name bouncycastle Highest Product jar package name cmp Highest Product jar package name cms Highest Product jar package name crmf Highest Product jar package name eac Highest Product jar package name ocsp Highest Product jar package name pkcs Highest Product jar package name pkix Highest Product jar package name tsp Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle PKIX API Medium Product Manifest automatic-module-name org.bouncycastle.pkix Medium Product Manifest Bundle-Name bcpkix Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcpkix Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcpkix Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcpkix-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
CVE-2023-33202 suppress
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
bcprov-jdk15on-1.70.jarDescription:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/runner/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256: 8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile bcprov-jdk15on-1.70.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk15on Highest Vendor pom artifactid bcprov-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name org Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:* (Confidence :Highest) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2024-34447 (OSSINDEX) suppress
bouncycastle - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. CWE-297 Improper Validation of Certificate with Host Mismatch
CVSSv3:
Base Score: HIGH (7.699999809265137) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2024-29857 (OSSINDEX) suppress
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2024-30171 (OSSINDEX) suppress
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. CWE-208 Observable Timing Discrepancy
CVSSv3:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2023-33202 suppress
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-33201 (OSSINDEX) suppress
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. CWE-295 Improper Certificate Validation
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* bctls-jdk15on-1.70.jarDescription:
The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/runner/.m2/repository/org/bouncycastle/bctls-jdk15on/1.70/bctls-jdk15on-1.70.jar
MD5: cf432b6c66ae5f36a7a06c1954077b88
SHA1: b0db3b9dafb022f157c3e3f9a1771c29db850e2d
SHA256: 17d0209f6363920d024092acdca249c5b3c55b006e689d13f25df782a6f2e27b
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile bctls-jdk15on-1.70.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name bctls-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name java Highest Vendor jar package name jsse Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor jar package name tls Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle TLS API and Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.tls Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bctls Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bctls Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bctls-jdk15on Highest Vendor pom artifactid bctls-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle JSSE provider and TLS/DTLS API High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bctls-jdk15on High Product jar package name bouncycastle Highest Product jar package name java Highest Product jar package name jsse Highest Product jar package name org Highest Product jar package name provider Highest Product jar package name tls Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle TLS API and Provider Medium Product Manifest automatic-module-name org.bouncycastle.tls Medium Product Manifest Bundle-Name bctls Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bctls Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bctls Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bctls-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle JSSE provider and TLS/DTLS API High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
CVE-2024-30171 (OSSINDEX) suppress
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. CWE-208 Observable Timing Discrepancy
CVSSv3:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bctls-jdk15on:1.70:*:*:*:*:*:*:* CVE-2023-33202 suppress
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
bcutil-jdk15on-1.70.jarDescription:
The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/runner/.m2/repository/org/bouncycastle/bcutil-jdk15on/1.70/bcutil-jdk15on-1.70.jar
MD5: 805173dfb0891331dbe69d0e53371af4
SHA1: 54280e7195a7430d7911ded93fc01e07300b9526
SHA256: 52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile bcutil-jdk15on-1.70.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name bcutil-jdk15on High Vendor jar package name bouncycastle Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Utility APIs Medium Vendor Manifest automatic-module-name org.bouncycastle.util Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcutil Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcutil Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcutil-jdk15on Highest Vendor pom artifactid bcutil-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle ASN.1 Extension and Utility APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcutil-jdk15on High Product jar package name bouncycastle Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Utility APIs Medium Product Manifest automatic-module-name org.bouncycastle.util Medium Product Manifest Bundle-Name bcutil Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcutil Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcutil Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcutil-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle ASN.1 Extension and Utility APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
CVE-2023-33202 suppress
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
byte-buddy-1.14.13.jarDescription:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.14.13/byte-buddy-1.14.13.jar
MD5: 7f4df0c9277f4c1c418a742cc3178ac9
SHA1: 45cf516d9a23485200950549ff72b204c307fc9d
SHA256: ba8254ff6d612af49acee4cac1108453ce3a417efa548b24f2f4f268cd2b441a
Referenced In Projects/Scopes: shardingsphere-agent-core:compile shardingsphere-agent-metrics-core:provided shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-agent-logging-type:provided shardingsphere-agent-tracing-core:provided shardingsphere-agent-logging-file:provided shardingsphere-agent-metrics-prometheus:provided shardingsphere-agent-tracing-type:provided shardingsphere-agent-plugin-core:provided shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-agent-plugin-logging:provided byte-buddy-1.14.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.14.13 High Version Manifest Bundle-Version 1.14.13 High Version pom version 1.14.13 Highest
caffeine-2.9.3.jar calcite-core-1.35.0.jar checker-qual-3.39.0.jar collector-0.16.1.jarDescription:
See https://github.com/prometheus/jmx_exporter/blob/master/README.md
File Path: /home/runner/.m2/repository/io/prometheus/jmx/collector/0.16.1/collector-0.16.1.jarMD5: 448ffae38a76caac6c0d0aa7307484f1SHA1: e3c1f67839738654df332dc69e8554e49191575bSHA256: 5866c19941f34e24941e2256a7a7a1471f9c3485f8608ed4d6bc18425888cc9fReferenced In Projects/Scopes:
shardingsphere-agent-metrics-prometheus:compile shardingsphere-agent-distribution:compile collector-0.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name collector High Vendor jar package name io Highest Vendor jar package name io Low Vendor jar package name jmx Highest Vendor jar package name jmx Low Vendor jar package name prometheus Highest Vendor jar package name prometheus Low Vendor pom artifactid collector Highest Vendor pom artifactid collector Low Vendor pom groupid io.prometheus.jmx Highest Vendor pom name Prometheus JMX Exporter - Collector High Vendor pom parent-artifactid parent Low Vendor pom url http://github.com/prometheus/jmx_exporter Highest Product file name collector High Product jar package name io Highest Product jar package name jmx Highest Product jar package name jmx Low Product jar package name prometheus Highest Product jar package name prometheus Low Product pom artifactid collector Highest Product pom groupid io.prometheus.jmx Highest Product pom name Prometheus JMX Exporter - Collector High Product pom parent-artifactid parent Medium Product pom url http://github.com/prometheus/jmx_exporter Medium Version file version 0.16.1 High Version pom version 0.16.1 Highest
common-5.12.7.Final.jarDescription:
Narayana: common File Path: /home/runner/.m2/repository/org/jboss/narayana/common/5.12.7.Final/common-5.12.7.Final.jarMD5: 3a718c74eeb3f5e75337d690b9f576c6SHA1: c7f9414956c439988ab8eae1507778f3d53c0430SHA256: d44191fb489b27eccaa948c57b20f58c242abfbf49a9f61737cbf4a612b4a2f3Referenced In Projects/Scopes:
shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile common-5.12.7.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss.narayana.jta/jta@5.12.7.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name common High Vendor jar package name common Highest Vendor Manifest arjuna-properties-file jbossts-properties.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest implementation-url http://www.jboss.org/ Low Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High Vendor Manifest Implementation-Vendor-Id http://www.jboss.org/ Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid common Highest Vendor pom artifactid common Low Vendor pom groupid org.jboss.narayana Highest Vendor pom name Narayana: common High Vendor pom parent-artifactid narayana-all Low Product file name common High Product jar package name common Highest Product Manifest arjuna-properties-file jbossts-properties.xml Low Product Manifest build-jdk-spec 11 Low Product Manifest Implementation-Title Narayana: common High Product Manifest implementation-url http://www.jboss.org/ Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Narayana: common Medium Product pom artifactid common Highest Product pom groupid org.jboss.narayana Highest Product pom name Narayana: common High Product pom parent-artifactid narayana-all Medium Version Manifest Implementation-Version 5.12.7.Final High Version pom version 5.12.7.Final Highest
commons-beanutils-1.7.0.jarFile Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jarMD5: 0f18acf5fa857f9959675e14d901a7ceSHA1: 5675fd96b29656504b86029551973d60fb41339bSHA256: 24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef4Referenced In Project/Scope: shardingsphere-infra-database-hive:providedcommons-beanutils-1.7.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-beanutils High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest extension-name org.apache.commons.beanutils Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid commons-beanutils Highest Vendor pom artifactid commons-beanutils Low Vendor pom groupid commons-beanutils Highest Product file name commons-beanutils High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest extension-name org.apache.commons.beanutils Medium Product Manifest Implementation-Title org.apache.commons.beanutils High Product Manifest specification-title Jakarta Commons Beanutils Medium Product pom artifactid commons-beanutils Highest Product pom groupid commons-beanutils Highest Version file version 1.7.0 High Version pom version 1.7.0 Highest
CVE-2014-0114 suppress
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2019-10086 suppress
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A References:
security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
commons-beanutils-core-1.8.0.jarFile Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils-core/1.8.0/commons-beanutils-core-1.8.0.jarMD5: a33ba25ae637909a97a60ff1d1b38857SHA1: 175dc721f87e4bc5cc0573f990e28c3cf9117508SHA256: 9038c7ddc61d3d8089eb5a52a24b430a202617d57d2d344a93b68e4eafefefdeReferenced In Project/Scope: shardingsphere-infra-database-hive:providedcommons-beanutils-core-1.8.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-beanutils-core High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils-core Highest Vendor pom artifactid commons-beanutils-core Low Vendor pom groupid commons-beanutils Highest Vendor pom name Commons BeanUtils Core High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://commons.apache.org/beanutils/ Highest Product file name commons-beanutils-core High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest Implementation-Title Commons BeanUtils Core High Product Manifest specification-title Commons BeanUtils Core Medium Product pom artifactid commons-beanutils-core Highest Product pom groupid commons-beanutils Highest Product pom name Commons BeanUtils Core High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://commons.apache.org/beanutils/ Medium Version file version 1.8.0 High Version Manifest Implementation-Version 1.8.0 High Version pom parent-version 1.8.0 Low Version pom version 1.8.0 Highest
CVE-2014-0114 suppress
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2019-10086 suppress
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A References:
security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
commons-cli-1.2.jarDescription:
Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-cli/commons-cli/1.2/commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
SHA256: e7cd8951956d349b568b7ccfd4f5b2529a8c113e67c32b028f52ffda371259d9
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-cli-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-cli High Vendor jar package name apache Highest Vendor jar package name cli Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/cli/ Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-cli Highest Vendor pom artifactid commons-cli Low Vendor pom developer email bob@werken.com Low Vendor pom developer email jbjk@mac.com Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email roxspring@imapmail.org Low Vendor pom developer id bob Medium Vendor pom developer id jkeyes Medium Vendor pom developer id jstrachan Medium Vendor pom developer id roxspring Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John Keyes Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer org Indigo Stone Medium Vendor pom developer org integral Source Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org Werken Medium Vendor pom groupid commons-cli Highest Vendor pom name Commons CLI High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/cli/ Highest Product file name commons-cli High Product jar package name apache Highest Product jar package name cli Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/cli/ Low Product Manifest Bundle-Name Commons CLI Medium Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product Manifest Implementation-Title Commons CLI High Product Manifest specification-title Commons CLI Medium Product pom artifactid commons-cli Highest Product pom developer email bob@werken.com Low Product pom developer email jbjk@mac.com Low Product pom developer email jstrachan@apache.org Low Product pom developer email roxspring@imapmail.org Low Product pom developer id bob Low Product pom developer id jkeyes Low Product pom developer id jstrachan Low Product pom developer id roxspring Low Product pom developer name Bob McWhirter Low Product pom developer name James Strachan Low Product pom developer name John Keyes Low Product pom developer name Rob Oxspring Low Product pom developer org Indigo Stone Low Product pom developer org integral Source Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org Werken Low Product pom groupid commons-cli Highest Product pom name Commons CLI High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/cli/ Medium Version file version 1.2 High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
commons-codec-1.16.0.jar commons-collections4-4.1.jarDescription:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-collections4/4.1/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-collections4-4.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-collections4 High Vendor jar package name apache Highest Vendor jar package name collections4 Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium Vendor Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections4 Highest Vendor pom artifactid commons-collections4 Low Vendor pom developer id adriannistor Medium Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dlaha Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id luc Medium Vendor pom developer id matth Medium Vendor pom developer id mbenson Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer id tn Medium Vendor pom developer name Adrian Nistor Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dipanjan Laha Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest Product file name commons-collections4 High Product jar package name apache Highest Product jar package name collections4 Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium Product Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections4 Highest Product pom developer id adriannistor Low Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id dlaha Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id luc Low Product pom developer id matth Low Product pom developer id mbenson Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer id tn Low Product pom developer name Adrian Nistor Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Dipanjan Laha Low Product pom developer name Gary D. Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Luc Maisonobe Low Product pom developer name Matt Benson Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom developer name Thomas Neidhart Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-collections/ Medium Version file version 4.1 High Version Manifest Implementation-Version 4.1 High Version pom parent-version 4.1 Low Version pom version 4.1 Highest
commons-compiler-3.1.9.jarDescription:
The "commons-compiler" API, including the "IExpressionEvaluator", "IScriptEvaluator", "IClassBodyEvaluator" and "ISimpleCompiler" interfaces. License:
https://spdx.org/licenses/BSD-3-Clause.html File Path: /home/runner/.m2/repository/org/codehaus/janino/commons-compiler/3.1.9/commons-compiler-3.1.9.jar
MD5: e14b760178e0c2105e2951c2f452a1d1
SHA1: f0d70bb319e9339aea90a8665693e69848acc598
SHA256: d988a3ebc17188e9a1a3efadd8e958b90eb995c4fcc077292a5dfe5fe1109d25
Referenced In Projects/Scopes: shardingsphere-proxy-frontend-mysql:runtime shardingsphere-proxy-frontend-postgresql:runtime shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-agent-tracing-core:provided shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-postgresql:runtime shardingsphere-sql-federation-core:runtime shardingsphere-test-e2e-transaction:runtime shardingsphere-agent-plugin-core:provided shardingsphere-proxy-backend-opengauss:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-hbase:runtime shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-spi:runtime shardingsphere-test-e2e-showprocesslist:runtime shardingsphere-test-e2e-agent-jdbc-project:runtime shardingsphere-agent-tracing-type:provided shardingsphere-data-pipeline-cdc-core:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-sql-federation-executor:runtime shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-core:runtime shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-distribution:runtime shardingsphere-agent-logging-type:provided shardingsphere-test-e2e-pipeline:runtime shardingsphere-test-it-pipeline:runtime shardingsphere-data-pipeline-scenario-migration:runtime shardingsphere-jdbc:runtime shardingsphere-sql-federation-distsql-handler:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-data-pipeline-opengauss:runtime shardingsphere-data-pipeline-distsql-handler:runtime shardingsphere-jdbc-distribution:runtime shardingsphere-test-it-optimizer:runtime shardingsphere-test-e2e-sql:runtime shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-env:runtime shardingsphere-proxy-backend-mysql:runtime shardingsphere-data-pipeline-scenario-consistencycheck:runtime shardingsphere-sql-federation-optimizer:runtime shardingsphere-proxy-backend-core:runtime shardingsphere-test-e2e-driver:runtime shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-bootstrap:runtime shardingsphere-proxy-frontend-opengauss:runtime shardingsphere-proxy-backend-postgresql:runtime shardingsphere-agent-plugin-metrics:provided shardingsphere-test-e2e-agent-plugins-common:runtime commons-compiler-3.1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.calcite/calcite-core@1.35.0 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-compiler High Vendor jar package name codehaus Highest Vendor jar package name commons Highest Vendor jar package name compiler Highest Vendor jar package name iclassbodyevaluator Highest Vendor jar package name iexpressionevaluator Highest Vendor jar package name iscriptevaluator Highest Vendor jar package name isimplecompiler Highest Vendor Manifest bundle-symbolicname org.codehaus.janino.commons-compiler;singleton:=true Medium Vendor pom artifactid commons-compiler Highest Vendor pom artifactid commons-compiler Low Vendor pom groupid org.codehaus.janino Highest Vendor pom name commons-compiler High Vendor pom parent-artifactid janino-parent Low Product file name commons-compiler High Product jar package name codehaus Highest Product jar package name commons Highest Product jar package name compiler Highest Product jar package name iclassbodyevaluator Highest Product jar package name iexpressionevaluator Highest Product jar package name iscriptevaluator Highest Product jar package name isimplecompiler Highest Product Manifest Bundle-Name commons-compiler Medium Product Manifest bundle-symbolicname org.codehaus.janino.commons-compiler;singleton:=true Medium Product pom artifactid commons-compiler Highest Product pom groupid org.codehaus.janino Highest Product pom name commons-compiler High Product pom parent-artifactid janino-parent Medium Version file version 3.1.9 High Version Manifest Bundle-Version 3.1.9 High Version pom version 3.1.9 Highest
CVE-2023-33546 suppress
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
commons-compress-1.19.jarDescription:
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
MD5: fe897bced43468450b785b66c1cff455
SHA1: 7e65777fb451ddab6a9c054beb879e521b7eab78
SHA256: ff2d59fad74e867630fbc7daab14c432654712ac624dbee468d220677b124dd5
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-compress-1.19.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-compress High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name compress Highest Vendor Manifest automatic-module-name org.apache.commons.compress Medium Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Vendor Manifest extension-name org.apache.commons.compress Medium Vendor Manifest implementation-build UNKNOWN@r516f76ac1fe48be9a5162e53e4d0a99f23774565; 2019-08-24 16:14:33+0000 Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-compress/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-compress Highest Vendor pom artifactid commons-compress Low Vendor pom developer email bodewig at apache.org Low Vendor pom developer email chtompki at apache.org Low Vendor pom developer email damjan at apache.org Low Vendor pom developer email ebourg at apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email grobmeier at apache.org Low Vendor pom developer email julius at apache.org Low Vendor pom developer email sebb at apache.org Low Vendor pom developer email tcurdt at apache.org Low Vendor pom developer id bodewig Medium Vendor pom developer id chtompki Medium Vendor pom developer id damjan Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id grobmeier Medium Vendor pom developer id julius Medium Vendor pom developer id sebb Medium Vendor pom developer id tcurdt Medium Vendor pom developer name Christian Grobmeier Medium Vendor pom developer name Damjan Jovanovic Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Stefan Bodewig Medium Vendor pom developer name Torsten Curdt Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Compress High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-compress/ Highest Product file name commons-compress High Product jar package name apache Highest Product jar package name commons Highest Product jar package name compress Highest Product Manifest automatic-module-name org.apache.commons.compress Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Product Manifest Bundle-Name Apache Commons Compress Medium Product Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Product Manifest extension-name org.apache.commons.compress Medium Product Manifest implementation-build UNKNOWN@r516f76ac1fe48be9a5162e53e4d0a99f23774565; 2019-08-24 16:14:33+0000 Low Product Manifest Implementation-Title Apache Commons Compress High Product Manifest implementation-url https://commons.apache.org/proper/commons-compress/ Low Product Manifest specification-title Apache Commons Compress Medium Product pom artifactid commons-compress Highest Product pom developer email bodewig at apache.org Low Product pom developer email chtompki at apache.org Low Product pom developer email damjan at apache.org Low Product pom developer email ebourg at apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email grobmeier at apache.org Low Product pom developer email julius at apache.org Low Product pom developer email sebb at apache.org Low Product pom developer email tcurdt at apache.org Low Product pom developer id bodewig Low Product pom developer id chtompki Low Product pom developer id damjan Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id grobmeier Low Product pom developer id julius Low Product pom developer id sebb Low Product pom developer id tcurdt Low Product pom developer name Christian Grobmeier Low Product pom developer name Damjan Jovanovic Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Julius Davies Low Product pom developer name Rob Tompkins Low Product pom developer name Sebastian Bazley Low Product pom developer name Stefan Bodewig Low Product pom developer name Torsten Curdt Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Compress High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-compress/ Medium Version file version 1.19 High Version Manifest Implementation-Version 1.19 High Version pom parent-version 1.19 Low Version pom version 1.19 Highest
CVE-2021-35515 suppress
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CWE-834 Excessive Iteration, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-35516 suppress
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CWE-130 Improper Handling of Length Parameter Inconsistency, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-35517 suppress
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. CWE-130 Improper Handling of Length Parameter Inconsistency, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-36090 suppress
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2024-25710 suppress
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
commons-configuration-1.6.jarDescription:
Tools to assist in the reading of configuration/preferences files in
various formats
License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /home/runner/.m2/repository/commons-configuration/commons-configuration/1.6/commons-configuration-1.6.jar
MD5: b099d9f9b4b99071cc52b259308df69a
SHA1: 32cadde23955d7681b0d94a2715846d20b425235
SHA256: 46b71b9656154f6a16ea4b1dc84026b52a9305f8eff046a2b4655fa1738e5eee
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-configuration-1.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-configuration High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name configuration Highest Vendor Manifest bundle-docurl http://commons.apache.org/configuration/ Low Vendor Manifest bundle-symbolicname org.apache.commons.configuration Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-configuration Highest Vendor pom artifactid commons-configuration Low Vendor pom developer email bdunbar@dunbarconsulting.org Low Vendor pom developer email dion@multitask.com.au Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email epugh@upstate.com Low Vendor pom developer email hps@intermeta.de Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email mpoeschl@marmot.at Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email rgoers@apache.org Low Vendor pom developer id bdunbar Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ebourg Medium Vendor pom developer id epugh Medium Vendor pom developer id henning Medium Vendor pom developer id joehni Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id mpoeschl Medium Vendor pom developer id oheger Medium Vendor pom developer id rgoers Medium Vendor pom developer name Brian E. Dunbar Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Eric Pugh Medium Vendor pom developer name Henning P. Schmiedehausen Medium Vendor pom developer name Jörg Schaible Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jörg Schaible Medium Vendor pom developer name Martin Poeschl Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Ralph Goers Medium Vendor pom developer org Agfa HealthCare Medium Vendor pom developer org Ariane Software Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org dunbarconsulting.org Medium Vendor pom developer org INTERMETA - Gesellschaft fuer Mehrwertdienste mbH Medium Vendor pom developer org Intuit Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org tucana.at Medium Vendor pom developer org upstate.com Medium Vendor pom developer org Zenplex Medium Vendor pom groupid commons-configuration Highest Vendor pom name Commons Configuration High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://commons.apache.org/ Medium Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/${pom.artifactId.substring(8)}/ Highest Vendor pom url http://commons.apache.org/configuration/ Highest Product file name commons-configuration High Product jar package name apache Highest Product jar package name commons Highest Product jar package name configuration Highest Product Manifest bundle-docurl http://commons.apache.org/configuration/ Low Product Manifest Bundle-Name Commons Configuration Medium Product Manifest bundle-symbolicname org.apache.commons.configuration Medium Product Manifest Implementation-Title Commons Configuration High Product Manifest specification-title Commons Configuration Medium Product pom artifactid commons-configuration Highest Product pom developer email bdunbar@dunbarconsulting.org Low Product pom developer email dion@multitask.com.au Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ebourg@apache.org Low Product pom developer email epugh@upstate.com Low Product pom developer email hps@intermeta.de Low Product pom developer email jason@zenplex.com Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email mpoeschl@marmot.at Low Product pom developer email oheger@apache.org Low Product pom developer email rgoers@apache.org Low Product pom developer id bdunbar Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ebourg Low Product pom developer id epugh Low Product pom developer id henning Low Product pom developer id joehni Low Product pom developer id jvanzyl Low Product pom developer id mpoeschl Low Product pom developer id oheger Low Product pom developer id rgoers Low Product pom developer name Brian E. Dunbar Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Emmanuel Bourg Low Product pom developer name Eric Pugh Low Product pom developer name Henning P. Schmiedehausen Low Product pom developer name Jörg Schaible Low Product pom developer name Jason van Zyl Low Product pom developer name Jörg Schaible Low Product pom developer name Martin Poeschl Low Product pom developer name Oliver Heger Low Product pom developer name Ralph Goers Low Product pom developer org Agfa HealthCare Low Product pom developer org Ariane Software Low Product pom developer org CollabNet, Inc. Low Product pom developer org dunbarconsulting.org Low Product pom developer org INTERMETA - Gesellschaft fuer Mehrwertdienste mbH Low Product pom developer org Intuit Low Product pom developer org Multitask Consulting Low Product pom developer org tucana.at Low Product pom developer org upstate.com Low Product pom developer org Zenplex Low Product pom groupid commons-configuration Highest Product pom name Commons Configuration High Product pom organization name The Apache Software Foundation Low Product pom organization url http://commons.apache.org/ Low Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/${pom.artifactId.substring(8)}/ Medium Product pom url http://commons.apache.org/configuration/ Medium Version file version 1.6 High Version Manifest Bundle-Version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2024-29131 (OSSINDEX) suppress
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29131 for details CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:commons-configuration:commons-configuration:1.6:*:*:*:*:*:*:* commons-crypto-1.0.0.jarDescription:
Apache Commons Crypto is a cryptographic library optimized with AES-NI (Advanced Encryption Standard New Instructions). It provides Java API for both cipher level and Java stream level. Developers can use it to implement high performance AES encryption/decryption with the minimum code and effort. Please note that Crypto doesn't implement the cryptographic algorithm such as AES directly. It wraps to Openssl or JCE which implement the algorithms. Features -------- 1. Cipher API for low level cryptographic operations. 2. Java stream API (CryptoInputStream/CryptoOutputStream) for high level stream encyrption/decryption. 3. Both optimized with high performance AES encryption/decryption. (1400 MB/s - 1700 MB/s throughput in modern Xeon processors). 4. JNI-based implementation to achieve comparable performance to the native C++ version based on OpenSsl. 5. Portable across various operating systems (currently only Linux/MacOSX/Windows); Apache Commons Crypto loads the library according to your machine environment (it checks system properties, `os.name` and `os.arch`). 6. Simple usage. Add the commons-crypto-(version).jar file to your classpath. Export restrictions ------------------- This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See for more information. The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code. The following provides more details on the included cryptographic software: * Commons Crypto use [Java Cryptography Extension](http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) provided by Java * Commons Crypto link to and use [OpenSSL](https://www.openssl.org/) ciphers License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-crypto/1.0.0/commons-crypto-1.0.0.jar
MD5: 981c95e38457b10d429090496b96f2d6
SHA1: 7938f66b01f62f03ef8af8a64401e85e45d51c5d
SHA256: 0043d8d74d8df632c57f938828e6f6efd555e293a9079dcdf59eab8e40107491
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-crypto-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-crypto High Vendor jar package name apache Highest Vendor jar package name cipher Highest Vendor jar package name commons Highest Vendor jar package name crypto Highest Vendor jar package name stream Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-crypto/ Low Vendor Manifest bundle-symbolicname org.apache.commons.crypto Medium Vendor Manifest implementation-build CRYPTO-1.0.0@r782ca06a1f9a292756fbad9eb9841e685cd34af1; 2016-07-26 09:19:11+0800 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-crypto/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-crypto Highest Vendor pom artifactid commons-crypto Low Vendor pom developer email atm@apache.org Low Vendor pom developer email cmccabe@apache.org Low Vendor pom developer email cnauroth@apache.org Low Vendor pom developer email dianfu@apache.org Low Vendor pom developer email dongc@apache.org Low Vendor pom developer email haifengchen@apache.org Low Vendor pom developer email sdp@apache.org Low Vendor pom developer email umamahesh@apache.org Low Vendor pom developer email vanzin@apache.org Low Vendor pom developer email wang@apache.org Low Vendor pom developer email xuf@apache.org Low Vendor pom developer email yliu@apache.org Low Vendor pom developer id atm Medium Vendor pom developer id cmccabe Medium Vendor pom developer id cnauroth Medium Vendor pom developer id dianfu Medium Vendor pom developer id dongc Medium Vendor pom developer id haifengchen Medium Vendor pom developer id sdp Medium Vendor pom developer id umamahesh Medium Vendor pom developer id vanzin Medium Vendor pom developer id wang Medium Vendor pom developer id xuf Medium Vendor pom developer id yliu Medium Vendor pom developer name Aaron T Myers Medium Vendor pom developer name Andrew Wang Medium Vendor pom developer name Chris Nauroth Medium Vendor pom developer name Colin P. McCabe Medium Vendor pom developer name Dapeng Sun Medium Vendor pom developer name Dian Fu Medium Vendor pom developer name Dong Chen Medium Vendor pom developer name Ferdinand Xu Medium Vendor pom developer name Haifeng Chen Medium Vendor pom developer name Marcelo Vanzin Medium Vendor pom developer name Uma Maheswara Rao G Medium Vendor pom developer name Yi Liu Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Crypto High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-crypto/ Highest Product file name commons-crypto High Product jar package name apache Highest Product jar package name cipher Highest Product jar package name commons Highest Product jar package name crypto Highest Product jar package name stream Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-crypto/ Low Product Manifest Bundle-Name Apache Commons Crypto Medium Product Manifest bundle-symbolicname org.apache.commons.crypto Medium Product Manifest implementation-build CRYPTO-1.0.0@r782ca06a1f9a292756fbad9eb9841e685cd34af1; 2016-07-26 09:19:11+0800 Low Product Manifest Implementation-Title Apache Commons Crypto High Product Manifest implementation-url http://commons.apache.org/proper/commons-crypto/ Low Product Manifest specification-title Apache Commons Crypto Medium Product pom artifactid commons-crypto Highest Product pom developer email atm@apache.org Low Product pom developer email cmccabe@apache.org Low Product pom developer email cnauroth@apache.org Low Product pom developer email dianfu@apache.org Low Product pom developer email dongc@apache.org Low Product pom developer email haifengchen@apache.org Low Product pom developer email sdp@apache.org Low Product pom developer email umamahesh@apache.org Low Product pom developer email vanzin@apache.org Low Product pom developer email wang@apache.org Low Product pom developer email xuf@apache.org Low Product pom developer email yliu@apache.org Low Product pom developer id atm Low Product pom developer id cmccabe Low Product pom developer id cnauroth Low Product pom developer id dianfu Low Product pom developer id dongc Low Product pom developer id haifengchen Low Product pom developer id sdp Low Product pom developer id umamahesh Low Product pom developer id vanzin Low Product pom developer id wang Low Product pom developer id xuf Low Product pom developer id yliu Low Product pom developer name Aaron T Myers Low Product pom developer name Andrew Wang Low Product pom developer name Chris Nauroth Low Product pom developer name Colin P. McCabe Low Product pom developer name Dapeng Sun Low Product pom developer name Dian Fu Low Product pom developer name Dong Chen Low Product pom developer name Ferdinand Xu Low Product pom developer name Haifeng Chen Low Product pom developer name Marcelo Vanzin Low Product pom developer name Uma Maheswara Rao G Low Product pom developer name Yi Liu Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Crypto High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-crypto/ Medium Version file version 1.0.0 High Version Manifest Bundle-Version 1.0.0 High Version Manifest Implementation-Version 1.0.0 High Version pom parent-version 1.0.0 Low Version pom version 1.0.0 Highest
commons-crypto-1.0.0.jar: commons-crypto.dllFile Path: /home/runner/.m2/repository/org/apache/commons/commons-crypto/1.0.0/commons-crypto-1.0.0.jar/org/apache/commons/crypto/native/Windows/x86/commons-crypto.dllMD5: 80df8a7e2032790a467db967ce60182eSHA1: 2a8efda075679e8a913347c52f409015b4ce2e96SHA256: 02e008efb98e14d5b1f16a2219f71ad179ff301bed5a2267883c28d74bcfe6beReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name commons-crypto High Product file name commons-crypto High
commons-crypto-1.0.0.jar: commons-crypto.dllFile Path: /home/runner/.m2/repository/org/apache/commons/commons-crypto/1.0.0/commons-crypto-1.0.0.jar/org/apache/commons/crypto/native/Windows/x86_64/commons-crypto.dllMD5: a330d40c0b4016e6fcff609473eeb44eSHA1: ed34492e05a31791856eaecdd436db9a875926ebSHA256: 6d8783ac18bc5f770af7371fcf9684af4b531cad982e62ffe508fca22afa573fReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name commons-crypto High Product file name commons-crypto High
commons-csv-1.9.0.jarDescription:
The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-csv/1.9.0/commons-csv-1.9.0.jar
MD5: 75559edcb39c783299289690c5a45816
SHA1: b59d8f64cd0b83ee1c04ff1748de2504457018c1
SHA256: c418d6aab4db4f1f70983d355de8d7c1e755c754820a92294da2e5f5081022cc
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-it-optimizer:compile commons-csv-1.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-csv High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name csv Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-csv/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-csv Medium Vendor Manifest implementation-build release@r8e25a2b30cae841101540c26ff21b79c51ad3eff; 2021-07-24 15:40:36+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-csv Highest Vendor pom artifactid commons-csv Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email yonik@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id mvdb Medium Vendor pom developer id yonik Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Yonik Seeley Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons CSV High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-csv/ Highest Product file name commons-csv High Product jar package name apache Highest Product jar package name commons Highest Product jar package name csv Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-csv/ Low Product Manifest Bundle-Name Apache Commons CSV Medium Product Manifest bundle-symbolicname org.apache.commons.commons-csv Medium Product Manifest implementation-build release@r8e25a2b30cae841101540c26ff21b79c51ad3eff; 2021-07-24 15:40:36+0000 Low Product Manifest Implementation-Title Apache Commons CSV High Product Manifest specification-title Apache Commons CSV Medium Product pom artifactid commons-csv Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email ebourg@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email yonik@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id mvdb Low Product pom developer id yonik Low Product pom developer name Benedikt Ritter Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Martin van den Bemt Low Product pom developer name Rob Tompkins Low Product pom developer name Yonik Seeley Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons CSV High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-csv/ Medium Version file version 1.9.0 High Version Manifest Bundle-Version 1.9.0 High Version Manifest Implementation-Version 1.9.0 High Version pom parent-version 1.9.0 Low Version pom version 1.9.0 Highest
commons-daemon-1.0.13.jarDescription:
Apache Commons Daemon software provides an alternative invocation mechanism for unix-daemon-like Java code.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-daemon/commons-daemon/1.0.13/commons-daemon-1.0.13.jar
MD5: 686f1a2cc85f8f4e939bd3cd28c9720b
SHA1: 750856a1fdb3ddf721ccf73c3518e4211cffc3a3
SHA256: fd63b583fd3e8baeae22efacbd5a4f91c1fd97f56248e62e2615efa7b81daeaa
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-daemon-1.0.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-daemon High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name daemon Highest Vendor Manifest bundle-docurl http://commons.apache.org/daemon/ Low Vendor Manifest bundle-symbolicname org.apache.commons.daemon Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2013-02-06 19:20:07+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-daemon Highest Vendor pom artifactid commons-daemon Low Vendor pom developer email billbarker at apache.org Low Vendor pom developer email jfclere at apache.org Low Vendor pom developer email mturk at apache.org Low Vendor pom developer email remm at apache.org Low Vendor pom developer email yoavs at apache.org Low Vendor pom developer id billbarker Medium Vendor pom developer id jfclere Medium Vendor pom developer id mturk Medium Vendor pom developer id remm Medium Vendor pom developer id yoavs Medium Vendor pom developer name Bill Barker Medium Vendor pom developer name Jean-Frederic Clere Medium Vendor pom developer name Mladen Turk Medium Vendor pom developer name Remy Maucherat Medium Vendor pom developer name Yoav Shapira Medium Vendor pom groupid commons-daemon Highest Vendor pom name Commons Daemon High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/daemon/ Highest Product file name commons-daemon High Product jar package name apache Highest Product jar package name commons Highest Product jar package name daemon Highest Product Manifest bundle-docurl http://commons.apache.org/daemon/ Low Product Manifest Bundle-Name Commons Daemon Medium Product Manifest bundle-symbolicname org.apache.commons.daemon Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2013-02-06 19:20:07+0100 Low Product Manifest Implementation-Title Commons Daemon High Product Manifest specification-title Commons Daemon Medium Product pom artifactid commons-daemon Highest Product pom developer email billbarker at apache.org Low Product pom developer email jfclere at apache.org Low Product pom developer email mturk at apache.org Low Product pom developer email remm at apache.org Low Product pom developer email yoavs at apache.org Low Product pom developer id billbarker Low Product pom developer id jfclere Low Product pom developer id mturk Low Product pom developer id remm Low Product pom developer id yoavs Low Product pom developer name Bill Barker Low Product pom developer name Jean-Frederic Clere Low Product pom developer name Mladen Turk Low Product pom developer name Remy Maucherat Low Product pom developer name Yoav Shapira Low Product pom groupid commons-daemon Highest Product pom name Commons Daemon High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/daemon/ Medium Version file version 1.0.13 High Version Manifest Bundle-Version 1.0.13 High Version Manifest Implementation-Version 1.0.13 High Version pom parent-version 1.0.13 Low Version pom version 1.0.13 Highest
commons-dbcp2-2.6.0.jar commons-digester-1.8.jarDescription:
The Digester package lets you configure an XML->Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized. License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /home/runner/.m2/repository/commons-digester/commons-digester/1.8/commons-digester-1.8.jar
MD5: cf89c593f0378e9509a06fce7030aeba
SHA1: dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e
SHA256: 05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-digester-1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-digester High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name rules Highest Vendor Manifest extension-name commons-digester Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester Highest Vendor pom artifactid commons-digester Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org Sun Microsystems Medium Vendor pom groupid commons-digester Highest Vendor pom name Digester High Vendor pom organization name The Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org Medium Vendor pom url http://jakarta.apache.org/commons/digester/ Highest Product file name commons-digester High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name rule Highest Product jar package name rules Highest Product Manifest extension-name commons-digester Medium Product Manifest Implementation-Title org.apache.commons.digester High Product Manifest specification-title Rule based XML->Java object mapping module Medium Product pom artifactid commons-digester Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Tim OBrien Low Product pom developer org Sun Microsystems Low Product pom groupid commons-digester Highest Product pom name Digester High Product pom organization name The Apache Software Foundation Low Product pom organization url http://jakarta.apache.org Low Product pom url http://jakarta.apache.org/commons/digester/ Medium Version file version 1.8 High Version Manifest Implementation-Version 1.8 High Version pom version 1.8 Highest
commons-exec-1.3.jarDescription:
Apache Commons Exec is a library to reliably execute external processes from within the JVM. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256: cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Projects/Scopes: shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-data-pipeline-cdc-core:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-data-pipeline-core:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile commons-exec-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name commons-exec High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name exec Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.exec Medium Vendor Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-exec Highest Vendor pom artifactid commons-exec Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer id brett Medium Vendor pom developer id ggregory Medium Vendor pom developer id sebb Medium Vendor pom developer id sgoeschl Medium Vendor pom developer id trygvis Medium Vendor pom developer name Brett Porter Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Siegfried Goeschl Medium Vendor pom developer name Trygve Laugstøl Medium Vendor pom developer org Apache Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Exec High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-exec/ Highest Product file name commons-exec High Product jar package name apache Highest Product jar package name commons Highest Product jar package name exec Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Product Manifest Bundle-Name Apache Commons Exec Medium Product Manifest bundle-symbolicname org.apache.commons.exec Medium Product Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Product Manifest Implementation-Title Apache Commons Exec High Product Manifest specification-title Apache Commons Exec Medium Product pom artifactid commons-exec Highest Product pom developer email ggregory@apache.org Low Product pom developer id brett Low Product pom developer id ggregory Low Product pom developer id sebb Low Product pom developer id sgoeschl Low Product pom developer id trygvis Low Product pom developer name Brett Porter Low Product pom developer name Gary Gregory Low Product pom developer name Sebastian Bazley Low Product pom developer name Siegfried Goeschl Low Product pom developer name Trygve Laugstøl Low Product pom developer org Apache Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Exec High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-exec/ Medium Version file version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom parent-version 1.3 Low Version pom version 1.3 Highest
commons-httpclient-3.1.jarDescription:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-httpclient-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-httpclient High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name httpclient Highest Vendor jar package name methods Highest Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid commons-httpclient Highest Vendor pom artifactid commons-httpclient Low Vendor pom developer email adrian.sutton -at- ephox.com Low Vendor pom developer email dion -at- apache.org Low Vendor pom developer email jericho -at- apache.org Low Vendor pom developer email jsdever -at- apache.org Low Vendor pom developer email mbecke -at- apache.org Low Vendor pom developer email oglueck -at- apache.org Low Vendor pom developer email olegk -at- apache.org Low Vendor pom developer email rwaldhoff -at- apache Low Vendor pom developer email sullis -at- apache.org Low Vendor pom developer id adrian Medium Vendor pom developer id dion Medium Vendor pom developer id jericho Medium Vendor pom developer id jsdever Medium Vendor pom developer id mbecke Medium Vendor pom developer id oglueck Medium Vendor pom developer id olegk Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sullis Medium Vendor pom developer name Adrian Sutton Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Jeff Dever Medium Vendor pom developer name Michael Becke Medium Vendor pom developer name Oleg Kalnichevski Medium Vendor pom developer name Ortwin Glueck Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Sung-Gu Medium Vendor pom developer org Britannica Medium Vendor pom developer org Independent consultant Medium Vendor pom developer org Intencha Medium Vendor pom developer org Multitask Consulting Medium Vendor pom groupid commons-httpclient Highest Vendor pom name HttpClient High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org/ Medium Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest Product file name commons-httpclient High Product jar package name apache Highest Product jar package name commons Highest Product jar package name httpclient Highest Product jar package name methods Highest Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium Product pom artifactid commons-httpclient Highest Product pom developer email adrian.sutton -at- ephox.com Low Product pom developer email dion -at- apache.org Low Product pom developer email jericho -at- apache.org Low Product pom developer email jsdever -at- apache.org Low Product pom developer email mbecke -at- apache.org Low Product pom developer email oglueck -at- apache.org Low Product pom developer email olegk -at- apache.org Low Product pom developer email rwaldhoff -at- apache Low Product pom developer email sullis -at- apache.org Low Product pom developer id adrian Low Product pom developer id dion Low Product pom developer id jericho Low Product pom developer id jsdever Low Product pom developer id mbecke Low Product pom developer id oglueck Low Product pom developer id olegk Low Product pom developer id rwaldhoff Low Product pom developer id sullis Low Product pom developer name Adrian Sutton Low Product pom developer name dIon Gillard Low Product pom developer name Jeff Dever Low Product pom developer name Michael Becke Low Product pom developer name Oleg Kalnichevski Low Product pom developer name Ortwin Glueck Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sean C. Sullivan Low Product pom developer name Sung-Gu Low Product pom developer org Britannica Low Product pom developer org Independent consultant Low Product pom developer org Intencha Low Product pom developer org Multitask Consulting Low Product pom groupid commons-httpclient Highest Product pom name HttpClient High Product pom organization name Apache Software Foundation Low Product pom organization url http://jakarta.apache.org/ Low Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium Version file version 3.1 High Version manifest: org/apache/commons/httpclient Implementation-Version 3.1 Medium Version pom version 3.1 Highest
CVE-2012-5783 suppress
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions:
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
commons-io-2.11.0.jar commons-lang-2.4.jar commons-lang-2.6.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes: shardingsphere-infra-database-hive:provided shardingsphere-transaction-base-seata-at:provided commons-lang-2.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/io.seata/seata-all@2.0.0 Evidence Type Source Name Value Confidence Vendor file name commons-lang High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang Highest Vendor pom artifactid commons-lang Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@seagullsw.com Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email phil@steitz.com Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org Seagull Software Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid commons-lang Highest Vendor pom name Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Product file name commons-lang High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product pom artifactid commons-lang Highest Product pom developer email bayard@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@seagullsw.com Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email phil@steitz.com Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Daniel Rall Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org Seagull Software Low Product pom developer org SITA ATS Ltd Low Product pom groupid commons-lang Highest Product pom name Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/lang/ Medium Version file version 2.6 High Version Manifest Bundle-Version 2.6 High Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version pom version 2.6 Highest
commons-lang3-3.12.0.jar commons-logging-1.2.jar commons-math3-3.6.1.jar commons-net-3.1.jarDescription:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-net/commons-net/3.1/commons-net-3.1.jar
MD5: 23c94d51e72f341fb412d6a015e16313
SHA1: 2298164a7c2484406f2aa5ac85b205d39019896f
SHA256: 34a58d6d80a50748307e674ec27b4411e6536fd12e78bec428eb2ee49a123007
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-net-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-net High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name echo Highest Vendor jar package name finger Highest Vendor jar package name ftp Highest Vendor jar package name net Highest Vendor jar package name nntp Highest Vendor jar package name pop3 Highest Vendor jar package name smtp Highest Vendor jar package name telnet Highest Vendor jar package name whois Highest Vendor Manifest bundle-docurl http://commons.apache.org/net/ Low Vendor Manifest bundle-symbolicname org.apache.commons.net Medium Vendor Manifest implementation-build tags/NET_3_1_RC2@r1244108; 2012-02-14 17:45:12+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-net Highest Vendor pom artifactid commons-net Low Vendor pom developer email bruno.davanzo@hp.com Low Vendor pom developer email dfs@apache.org Low Vendor pom developer email Jeff.Brekke@qg.com Low Vendor pom developer email rwinston@apache.org Low Vendor pom developer email scohen@apache.org Low Vendor pom developer id brekke Medium Vendor pom developer id brudav Medium Vendor pom developer id dfs Medium Vendor pom developer id rwinston Medium Vendor pom developer id scohen Medium Vendor pom developer name Bruno D'Avanzo Medium Vendor pom developer name Daniel F. Savarese Medium Vendor pom developer name Jeffrey D. Brekke Medium Vendor pom developer name Rory Winston Medium Vendor pom developer name Steve Cohen Medium Vendor pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a>
Medium Vendor pom developer org Hewlett-Packard Medium Vendor pom developer org javactivity.org Medium Vendor pom developer org Quad/Graphics, Inc. Medium Vendor pom groupid commons-net Highest Vendor pom name Commons Net High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/net/ Highest Product file name commons-net High Product jar package name apache Highest Product jar package name commons Highest Product jar package name echo Highest Product jar package name finger Highest Product jar package name ftp Highest Product jar package name net Highest Product jar package name nntp Highest Product jar package name pop3 Highest Product jar package name smtp Highest Product jar package name telnet Highest Product jar package name whois Highest Product Manifest bundle-docurl http://commons.apache.org/net/ Low Product Manifest Bundle-Name Commons Net Medium Product Manifest bundle-symbolicname org.apache.commons.net Medium Product Manifest implementation-build tags/NET_3_1_RC2@r1244108; 2012-02-14 17:45:12+0000 Low Product Manifest Implementation-Title Commons Net High Product Manifest specification-title Commons Net Medium Product pom artifactid commons-net Highest Product pom developer email bruno.davanzo@hp.com Low Product pom developer email dfs@apache.org Low Product pom developer email Jeff.Brekke@qg.com Low Product pom developer email rwinston@apache.org Low Product pom developer email scohen@apache.org Low Product pom developer id brekke Low Product pom developer id brudav Low Product pom developer id dfs Low Product pom developer id rwinston Low Product pom developer id scohen Low Product pom developer name Bruno D'Avanzo Low Product pom developer name Daniel F. Savarese Low Product pom developer name Jeffrey D. Brekke Low Product pom developer name Rory Winston Low Product pom developer name Steve Cohen Low Product pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a>
Low Product pom developer org Hewlett-Packard Low Product pom developer org javactivity.org Low Product pom developer org Quad/Graphics, Inc. Low Product pom groupid commons-net Highest Product pom name Commons Net High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/net/ Medium Version file version 3.1 High Version Manifest Implementation-Version 3.1 High Version pom parent-version 3.1 Low Version pom version 3.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
commons-pool-1.5.4.jarDescription:
Commons Object Pooling Library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-pool/commons-pool/1.5.4/commons-pool-1.5.4.jar
MD5: 80e9d1cbd70542f4f293793d109679a9
SHA1: 75b6e20c596ed2945a259cea26d7fadd298398e6
SHA256: 22095672ac3ad6503e42ec6d4cbc330cd1318040223f6c5d9605473b6d2aa0fd
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
commons-pool-1.5.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name commons-pool High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool Highest Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool Highest Vendor pom artifactid commons-pool Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-pool Highest Vendor pom name Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/pool/ Highest Product file name commons-pool High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool Highest Product Manifest bundle-docurl http://commons.apache.org/pool/ Low Product Manifest Bundle-Name Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.pool Medium Product Manifest Implementation-Title Commons Pool High Product Manifest specification-title Commons Pool Medium Product pom artifactid commons-pool Highest Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Geir Magnusson Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-pool Highest Product pom name Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/pool/ Medium Version file version 1.5.4 High Version Manifest Bundle-Version 1.5.4 High Version Manifest Implementation-Version 1.5.4 High Version pom parent-version 1.5.4 Low Version pom version 1.5.4 Highest
commons-pool-1.6.jarDescription:
Commons Object Pooling Library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256: 46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
commons-pool-1.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name commons-pool High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool Highest Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool Highest Vendor pom artifactid commons-pool Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-pool Highest Vendor pom name Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/pool/ Highest Product file name commons-pool High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool Highest Product Manifest bundle-docurl http://commons.apache.org/pool/ Low Product Manifest Bundle-Name Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.pool Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Product Manifest Implementation-Title Commons Pool High Product Manifest specification-title Commons Pool Medium Product pom artifactid commons-pool Highest Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Morgan Delagrange Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-pool Highest Product pom name Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/pool/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
commons-pool2-2.11.1.jarDescription:
The Apache Commons Object Pooling Library. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256: ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope: shardingsphere-global-clock-tso-provider-redis:provided
commons-pool2-2.11.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/redis.clients/jedis@4.4.6
Evidence Type Source Name Value Confidence Vendor file name commons-pool2 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool2 Highest Vendor Manifest automatic-module-name org.apache.commons.pool2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-pool2 Medium Vendor Manifest implementation-build release@rabb1a0797b406566f0214c688871ab7e8fdc2601; 2021-08-14 13:51:45+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool2 Highest Vendor pom artifactid commons-pool2 Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id mattsicker Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer id simonetripodi Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Matt Sicker Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-pool/ Highest Product file name commons-pool2 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool2 Highest Product Manifest automatic-module-name org.apache.commons.pool2 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-pool/ Low Product Manifest Bundle-Name Apache Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.commons-pool2 Medium Product Manifest implementation-build release@rabb1a0797b406566f0214c688871ab7e8fdc2601; 2021-08-14 13:51:45+0000 Low Product Manifest Implementation-Title Apache Commons Pool High Product Manifest specification-title Apache Commons Pool Medium Product pom artifactid commons-pool2 Highest Product pom developer email ggregory at apache.org Low Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id mattsicker Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer id simonetripodi Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Matt Sicker Low Product pom developer name Morgan Delagrange Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer name Simone Tripodi Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-pool/ Medium Version file version 2.11.1 High Version Manifest Bundle-Version 2.11.1 High Version Manifest Implementation-Version 2.11.1 High Version pom parent-version 2.11.1 Low Version pom version 2.11.1 Highest
commons-pool2-2.6.1.jar commons-pool2-2.9.0.jarDescription:
The Apache Commons Object Pooling Library. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-pool2/2.9.0/commons-pool2-2.9.0.jar
MD5: 1f14cc5528953687f915bddf4fe150ec
SHA1: 58e9e8bbd29cf3e7861cb80c0a615770baffe840
SHA256: bc919b426bfafb31ecc45d6652a9f137462465d849fb3873d78d90c3f8d35b01
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
commons-pool2-2.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name commons-pool2 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool2 Highest Vendor Manifest automatic-module-name org.apache.commons.pool2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-pool2 Medium Vendor Manifest implementation-build release@re855619858edd5aae1a6b49788bb7212eb77ec23; 2020-09-25 17:30:04+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool2 Highest Vendor pom artifactid commons-pool2 Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id mattsicker Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer id simonetripodi Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Matt Sicker Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-pool/ Highest Product file name commons-pool2 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool2 Highest Product Manifest automatic-module-name org.apache.commons.pool2 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-pool/ Low Product Manifest Bundle-Name Apache Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.commons-pool2 Medium Product Manifest implementation-build release@re855619858edd5aae1a6b49788bb7212eb77ec23; 2020-09-25 17:30:04+0000 Low Product Manifest Implementation-Title Apache Commons Pool High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest specification-title Apache Commons Pool Medium Product pom artifactid commons-pool2 Highest Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id mattsicker Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer id simonetripodi Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Matt Sicker Low Product pom developer name Morgan Delagrange Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer name Simone Tripodi Low Product pom developer org The Apache Software Foundation Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-pool/ Medium Version file version 2.9.0 High Version Manifest Bundle-Version 2.9.0 High Version Manifest Implementation-Version 2.9.0 High Version pom parent-version 2.9.0 Low Version pom version 2.9.0 Highest
config-1.2.1.jarDescription:
config License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/com/typesafe/config/1.2.1/config-1.2.1.jar
MD5: 3aaf3c6e76a68e732c17d4a7e9877d81
SHA1: f771f71fdae3df231bcd54d5ca2d57f0bf93f467
SHA256: c160fbd78f51a0c2375a794e435ce2112524a6871f64d0331895e9e26ee8b9ee
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
config-1.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name config High Vendor jar package name config Highest Vendor jar package name typesafe Highest Vendor Manifest bundle-symbolicname com.typesafe.config Medium Vendor pom artifactid config Highest Vendor pom artifactid config Low Vendor pom developer id havocp Medium Vendor pom developer name Havoc Pennington Medium Vendor pom groupid com.typesafe Highest Vendor pom name config High Vendor pom organization name com.typesafe High Vendor pom url typesafehub/config Highest Product file name config High Product jar package name config Highest Product jar package name typesafe Highest Product Manifest Bundle-Name com.typesafe.config Medium Product Manifest bundle-symbolicname com.typesafe.config Medium Product pom artifactid config Highest Product pom developer id havocp Low Product pom developer name Havoc Pennington Low Product pom groupid com.typesafe Highest Product pom name config High Product pom organization name com.typesafe Low Product pom url typesafehub/config High Version file version 1.2.1 High Version Manifest Bundle-Version 1.2.1 High Version pom version 1.2.1 Highest
curator-client-5.6.0.jar (shaded: com.google.guava:listenablefuture:1.0)Description:
Contains Guava's com.google.common.util.concurrent.ListenableFuture class,
without any of its other classes -- but is also available in a second
"version" that omits the class to avoid conflicts with the copy in Guava
itself. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /home/runner/.m2/repository/org/apache/curator/curator-client/5.6.0/curator-client-5.6.0.jar/META-INF/maven/com.google.guava/listenablefuture/pom.xmlMD5: 7e456a5988661ce1558e9ca95397b1daSHA1: 3e71124fc28b44e29eaa31abbc267faef7ee7d40SHA256: 53873caf26bc1ed8a567ea6c939ab2aaa3f47a5e32d5cade95ddf5080d23238aReferenced In Projects/Scopes:
shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile Evidence Type Source Name Value Confidence Vendor pom artifactid listenablefuture Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava ListenableFuture only High Vendor pom parent-artifactid guava-parent Low Product pom artifactid listenablefuture Highest Product pom groupid com.google.guava Highest Product pom name Guava ListenableFuture only High Product pom parent-artifactid guava-parent Medium Version pom parent-version 1.0 Low Version pom version 1.0 Highest
curator-client-5.6.0.jarDescription:
Low-level API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/curator/curator-client/5.6.0/curator-client-5.6.0.jar
MD5: cd57168215e3c4002c7f334e268842d9
SHA1: a5ae5d629e1417b3e71d58f72161670deac1bc3a
SHA256: e7bc597a5d76edd4cec376bee5beda385bb234287f6c65d94379755380a9eb01
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile curator-client-5.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name curator-client High Vendor jar package name apache Highest Vendor jar package name curator Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname curator-client Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid curator-client Highest Vendor pom artifactid curator-client Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Client High Vendor pom parent-artifactid apache-curator Low Product file name curator-client High Product jar package name apache Highest Product jar package name curator Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Curator Client Medium Product Manifest bundle-symbolicname curator-client Medium Product Manifest Implementation-Title Curator Client High Product Manifest specification-title Curator Client Medium Product pom artifactid curator-client Highest Product pom groupid org.apache.curator Highest Product pom name Curator Client High Product pom parent-artifactid apache-curator Medium Version file version 5.6.0 High Version Manifest Bundle-Version 5.6.0 High Version Manifest Implementation-Version 5.6.0 High Version pom version 5.6.0 Highest
curator-framework-5.6.0.jarDescription:
High-level API that greatly simplifies using ZooKeeper. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/curator/curator-framework/5.6.0/curator-framework-5.6.0.jar
MD5: 9563e1dd031c3dffca497850a57dc2de
SHA1: d9a1c9a3fc6da2d54eb80bde70f0b8c3b1c0e875
SHA256: 517764f0f4e3c0479622eabbed55ea0fce07021be8d395c1404509b8c544b14e
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile curator-framework-5.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name curator-framework High Vendor jar package name apache Highest Vendor jar package name api Highest Vendor jar package name curator Highest Vendor jar package name framework Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname curator-framework Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid curator-framework Highest Vendor pom artifactid curator-framework Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Framework High Vendor pom parent-artifactid apache-curator Low Product file name curator-framework High Product jar package name apache Highest Product jar package name api Highest Product jar package name curator Highest Product jar package name framework Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Curator Framework Medium Product Manifest bundle-symbolicname curator-framework Medium Product Manifest Implementation-Title Curator Framework High Product Manifest specification-title Curator Framework Medium Product pom artifactid curator-framework Highest Product pom groupid org.apache.curator Highest Product pom name Curator Framework High Product pom parent-artifactid apache-curator Medium Version file version 5.6.0 High Version Manifest Bundle-Version 5.6.0 High Version Manifest Implementation-Version 5.6.0 High Version pom version 5.6.0 Highest
curator-recipes-5.6.0.jarDescription:
All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/curator/curator-recipes/5.6.0/curator-recipes-5.6.0.jar
MD5: f6797b488aee5e50da8b25712e06246f
SHA1: d6b27dad93d00f7f811888ff5b37ae07a7b4f36c
SHA256: 372bd2ddd19110e4c2215f0d1e913614cf343a1fadf7b2b5807adb07e71aea81
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile curator-recipes-5.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name curator-recipes High Vendor jar package name apache Highest Vendor jar package name curator Highest Vendor jar package name recipes Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname curator-recipes Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid curator-recipes Highest Vendor pom artifactid curator-recipes Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Recipes High Vendor pom parent-artifactid apache-curator Low Product file name curator-recipes High Product jar package name apache Highest Product jar package name curator Highest Product jar package name recipes Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Curator Recipes Medium Product Manifest bundle-symbolicname curator-recipes Medium Product Manifest Implementation-Title Curator Recipes High Product Manifest specification-title Curator Recipes Medium Product pom artifactid curator-recipes Highest Product pom groupid org.apache.curator Highest Product pom name Curator Recipes High Product pom parent-artifactid apache-curator Medium Version file version 5.6.0 High Version Manifest Bundle-Version 5.6.0 High Version Manifest Implementation-Version 5.6.0 High Version pom version 5.6.0 Highest
datanucleus-api-jdo-4.2.4.jarDescription:
Plugin providing DataNucleus implementation of the JDO API.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/datanucleus/datanucleus-api-jdo/4.2.4/datanucleus-api-jdo-4.2.4.jar
MD5: f54789e11168bdfa5063d5241573ff21
SHA1: 7e2c71f7eb9b40b660d009c3ea1b55fb71694bca
SHA256: f30f1f09658329190811468e58a622f069d97a7284d67a88b8d01c809ab3d1f3
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
datanucleus-api-jdo-4.2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name datanucleus-api-jdo High Vendor jar package name api Highest Vendor jar package name datanucleus Highest Vendor jar package name jdo Highest Vendor Manifest bundle-symbolicname org.datanucleus.api.jdo;singleton:=true Medium Vendor pom artifactid datanucleus-api-jdo Highest Vendor pom artifactid datanucleus-api-jdo Low Vendor pom groupid org.datanucleus Highest Vendor pom name DataNucleus JDO API plugin High Vendor pom parent-artifactid datanucleus-maven-parent Low Product file name datanucleus-api-jdo High Product jar package name api Highest Product jar package name datanucleus Highest Product jar package name jdo Highest Product Manifest Bundle-Name DataNucleus JDO API plugin Medium Product Manifest bundle-symbolicname org.datanucleus.api.jdo;singleton:=true Medium Product pom artifactid datanucleus-api-jdo Highest Product pom groupid org.datanucleus Highest Product pom name DataNucleus JDO API plugin High Product pom parent-artifactid datanucleus-maven-parent Medium Version file version 4.2.4 High Version Manifest Bundle-Version 4.2.4 High Version pom parent-version 4.2.4 Low Version pom version 4.2.4 Highest
datanucleus-core-4.1.17.jarDescription:
DataNucleus Core provides the primary components of a heterogenous Java persistence solution.
It supports persistence API's being layered on top of the core functionality.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/datanucleus/datanucleus-core/4.1.17/datanucleus-core-4.1.17.jar
MD5: 56845c7af1890cde68d67c39f2d0e1d3
SHA1: c03898d49b506b60849fe1db39d04ab27fa15422
SHA256: adb64b5ec1837821e289fc82b04c13f6b5a2f1c68a24628bcec6a7c43b5f5bca
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
datanucleus-core-4.1.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name datanucleus-core High Vendor jar package name api Highest Vendor jar package name datanucleus Highest Vendor Manifest bundle-symbolicname org.datanucleus;singleton:=true Medium Vendor pom artifactid datanucleus-core Highest Vendor pom artifactid datanucleus-core Low Vendor pom groupid org.datanucleus Highest Vendor pom name DataNucleus Core High Vendor pom parent-artifactid datanucleus-maven-parent Low Product file name datanucleus-core High Product jar package name api Highest Product jar package name datanucleus Highest Product Manifest Bundle-Name DataNucleus Core Medium Product Manifest bundle-symbolicname org.datanucleus;singleton:=true Medium Product pom artifactid datanucleus-core Highest Product pom groupid org.datanucleus Highest Product pom name DataNucleus Core High Product pom parent-artifactid datanucleus-maven-parent Medium Version file version 4.1.17 High Version Manifest Bundle-Version 4.1.17 High Version pom parent-version 4.1.17 Low Version pom version 4.1.17 Highest
datanucleus-rdbms-4.1.19.jarDescription:
Plugin for DataNucleus providing persistence to RDBMS datastores.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/datanucleus/datanucleus-rdbms/4.1.19/datanucleus-rdbms-4.1.19.jar
MD5: 7d1ad32dea1b7f5bf2d6c04e83a7bb17
SHA1: 923fa411f49cca5dbb6221140b1ae89c90b3a3fd
SHA256: a189e10fb48dc0fa550721ee2206a1df8a2fd68d213149bf68793976b0ade687
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
datanucleus-rdbms-4.1.19.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name datanucleus-rdbms High Vendor jar package name datanucleus Highest Vendor jar package name rdbms Highest Vendor jar package name store Highest Vendor Manifest bundle-symbolicname org.datanucleus.store.rdbms;singleton:=true Medium Vendor pom artifactid datanucleus-rdbms Highest Vendor pom artifactid datanucleus-rdbms Low Vendor pom groupid org.datanucleus Highest Vendor pom name DataNucleus RDBMS plugin High Vendor pom parent-artifactid datanucleus-maven-parent Low Product file name datanucleus-rdbms High Product jar package name datanucleus Highest Product jar package name rdbms Highest Product jar package name store Highest Product Manifest Bundle-Name DataNucleus RDBMS plugin Medium Product Manifest bundle-symbolicname org.datanucleus.store.rdbms;singleton:=true Medium Product pom artifactid datanucleus-rdbms Highest Product pom groupid org.datanucleus Highest Product pom name DataNucleus RDBMS plugin High Product pom parent-artifactid datanucleus-maven-parent Medium Version file version 4.1.19 High Version Manifest Bundle-Version 4.1.19 High Version pom parent-version 4.1.19 Low Version pom version 4.1.19 Highest
derby-10.14.1.0.jarDescription:
Contains the core Apache Derby database engine, which also includes the embedded JDBC driver. File Path: /home/runner/.m2/repository/org/apache/derby/derby/10.14.1.0/derby-10.14.1.0.jarMD5: 798a9e88c1c8146aa74e0686d2ad5598SHA1: 3bcd8b1af3f8cd022d54d331e00064776be04f9cSHA256: 7337795a7079a6412894b68193343c8f0bd33a4ebc4a2a4fbc592a8b74b44ebfReferenced In Project/Scope: shardingsphere-infra-database-hive:providedderby-10.14.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name derby High Vendor jar package name apache Highest Vendor jar package name database Highest Vendor jar package name derby Highest Vendor jar package name jdbc Highest Vendor Manifest bundle-symbolicname derby Medium Vendor pom artifactid derby Highest Vendor pom artifactid derby Low Vendor pom groupid org.apache.derby Highest Vendor pom name Apache Derby Database Engine and Embedded JDBC Driver High Vendor pom parent-artifactid derby-project Low Vendor pom url http://db.apache.org/derby/ Highest Product file name derby High Product jar package name apache Highest Product jar package name database Highest Product jar package name derby Highest Product jar package name jdbc Highest Product Manifest Bundle-Name Apache Derby 10.14 Medium Product Manifest bundle-symbolicname derby Medium Product pom artifactid derby Highest Product pom groupid org.apache.derby Highest Product pom name Apache Derby Database Engine and Embedded JDBC Driver High Product pom parent-artifactid derby-project Medium Product pom url http://db.apache.org/derby/ Medium Version file version 10.14.1.0 High Version pom version 10.14.1.0 Highest
CVE-2022-46337 suppress
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1313 suppress
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
disruptor-3.3.6.jarDescription:
Disruptor - Concurrent Programming Framework License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/lmax/disruptor/3.3.6/disruptor-3.3.6.jar
MD5: ed59630d15765aeaede66d67669086c5
SHA1: 09bfca4ee4f691f3737b3f4f006d0c4770f178eb
SHA256: 8c5df12a17f614464ccacc9b7c4935e5f16e694b7788e714cde4b7587d5dd266
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
disruptor-3.3.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name disruptor High Vendor jar package name disruptor Highest Vendor jar package name lmax Highest Vendor Manifest bundle-docurl http://lmax-exchange.github.com/disruptor Low Vendor Manifest bundle-symbolicname com.lmax.disruptor Medium Vendor pom artifactid disruptor Highest Vendor pom artifactid disruptor Low Vendor pom developer email lmax-disruptor@googlegroups.com Low Vendor pom developer id team Medium Vendor pom developer name LMAX Disruptor Development Team Medium Vendor pom groupid com.lmax Highest Vendor pom name Disruptor Framework High Vendor pom url http://lmax-exchange.github.com/disruptor Highest Product file name disruptor High Product jar package name disruptor Highest Product jar package name lmax Highest Product Manifest bundle-docurl http://lmax-exchange.github.com/disruptor Low Product Manifest Bundle-Name Disruptor Framework Medium Product Manifest bundle-symbolicname com.lmax.disruptor Medium Product pom artifactid disruptor Highest Product pom developer email lmax-disruptor@googlegroups.com Low Product pom developer id team Low Product pom developer name LMAX Disruptor Development Team Low Product pom groupid com.lmax Highest Product pom name Disruptor Framework High Product pom url http://lmax-exchange.github.com/disruptor Medium Version file version 3.3.6 High Version Manifest Bundle-Version 3.3.6 High Version pom version 3.3.6 Highest
druid-1.2.7.jarDescription:
A JDBC datasource implementation. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar
MD5: 56b779211eb1cc920725e8eff60e25e5
SHA1: fb899366627032a7f8cfbe39b4adca3e492229bf
SHA256: d997b8d70f155763e159b3e77b5b3ec7adcb2da00efa858d3ddd14adfcc4abf3
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
druid-1.2.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name druid High Vendor jar package name alibaba Highest Vendor jar package name druid Highest Vendor jar package name jdbc Highest Vendor Manifest implementation-build 2021-09-20 17:18:10 Low Vendor Manifest implementation-url https://github.com/alibaba/druid Low Vendor Manifest Implementation-Vendor Alibaba Group High Vendor Manifest Implementation-Vendor-Id com.alibaba Medium Vendor pom artifactid druid Highest Vendor pom artifactid druid Low Vendor pom developer email little.fierydragon@gmail.com Low Vendor pom developer email szujobs@hotmail.com Low Vendor pom developer email yakolyh@gmail.com Low Vendor pom developer id kiki Medium Vendor pom developer id wenshao Medium Vendor pom developer id yako Medium Vendor pom developer name kiki Medium Vendor pom developer name wenshao Medium Vendor pom developer name yako Medium Vendor pom groupid com.alibaba Highest Vendor pom name druid High Vendor pom organization name Alibaba Group High Vendor pom organization url http://code.alibabatech.com/ Medium Vendor pom url alibaba/druid Highest Product file name druid High Product jar package name alibaba Highest Product jar package name druid Highest Product jar package name jdbc Highest Product Manifest implementation-build 2021-09-20 17:18:10 Low Product Manifest Implementation-Title druid High Product Manifest implementation-url https://github.com/alibaba/druid Low Product pom artifactid druid Highest Product pom developer email little.fierydragon@gmail.com Low Product pom developer email szujobs@hotmail.com Low Product pom developer email yakolyh@gmail.com Low Product pom developer id kiki Low Product pom developer id wenshao Low Product pom developer id yako Low Product pom developer name kiki Low Product pom developer name wenshao Low Product pom developer name yako Low Product pom groupid com.alibaba Highest Product pom name druid High Product pom organization name Alibaba Group Low Product pom organization url http://code.alibabatech.com/ Low Product pom url alibaba/druid High Version file version 1.2.7 High Version Manifest Implementation-Version 1.2.7 High Version pom version 1.2.7 Highest
Related Dependencies seata-all-2.0.0.jar: druid.jarFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar MD5: 56b779211eb1cc920725e8eff60e25e5 SHA1: fb899366627032a7f8cfbe39b4adca3e492229bf SHA256: d997b8d70f155763e159b3e77b5b3ec7adcb2da00efa858d3ddd14adfcc4abf3 pkg:maven/com.alibaba/druid@1.2.7 druid-1.2.7.jar: bootstrap.min.jsFile Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar/support/http/resources/js/bootstrap.min.jsMD5: e90c5ecfa0f7dcfdb6b8ef8aa756acebSHA1: 17686183020cff03e19e960ac8c135c3e9652174SHA256: 354751191e20ab0c948f00065077d20313dfd68305c0a43757c68e1e8ec3d647Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
Evidence Type Source Name Value Confidence
Related Dependencies seata-all-2.0.0.jar: druid.jar: bootstrap.min.jsFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar/support/http/resources/js/bootstrap.min.js MD5: e90c5ecfa0f7dcfdb6b8ef8aa756aceb SHA1: 17686183020cff03e19e960ac8c135c3e9652174 SHA256: 354751191e20ab0c948f00065077d20313dfd68305c0a43757c68e1e8ec3d647 druid-1.2.7.jar: common.jsFile Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar/support/http/resources/js/common.jsMD5: cbee10319b203ff78680135869fc470cSHA1: 5c8623dd41a585c540a8fc9f3931994456bc29e4SHA256: 205dc62c4b918ec87f8392c80e45c3e4f0db754b9c9736073c70944374ef749fReferenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
Evidence Type Source Name Value Confidence
Related Dependencies seata-all-2.0.0.jar: druid.jar: common.jsFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar/support/http/resources/js/common.js MD5: cbee10319b203ff78680135869fc470c SHA1: 5c8623dd41a585c540a8fc9f3931994456bc29e4 SHA256: 205dc62c4b918ec87f8392c80e45c3e4f0db754b9c9736073c70944374ef749f druid-1.2.7.jar: doT.jsFile Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar/support/http/resources/js/doT.jsMD5: bb0029bab77e01e80957dc8155c09ad6SHA1: d8922e15f3348769feb4d96ee14b644b90ca5f54SHA256: 81d508eb6eb011e638b8f2c67f1d12c6a1be9a0b93f8259094fdefde2c87346dReferenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
Evidence Type Source Name Value Confidence
Related Dependencies seata-all-2.0.0.jar: druid.jar: doT.jsFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar/support/http/resources/js/doT.js MD5: bb0029bab77e01e80957dc8155c09ad6 SHA1: d8922e15f3348769feb4d96ee14b644b90ca5f54 SHA256: 81d508eb6eb011e638b8f2c67f1d12c6a1be9a0b93f8259094fdefde2c87346d druid-1.2.7.jar: jquery.min.jsFile Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar/support/http/resources/js/jquery.min.jsMD5: ee9c098974b911b6c52ee1629c205973SHA1: 88a7d6db5329b8b93f37b230e57e3a8c2b553d60SHA256: 9c70bee817785bfd4c3df8537ff6e85079bf8123c8096b9618e9c362d904c6e0Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
Evidence Type Source Name Value Confidence
Related Dependencies seata-all-2.0.0.jar: druid.jar: jquery.min.jsFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar/support/http/resources/js/jquery.min.js MD5: ee9c098974b911b6c52ee1629c205973 SHA1: 88a7d6db5329b8b93f37b230e57e3a8c2b553d60 SHA256: 9c70bee817785bfd4c3df8537ff6e85079bf8123c8096b9618e9c362d904c6e0 druid-1.2.7.jar: lang.jsFile Path: /home/runner/.m2/repository/com/alibaba/druid/1.2.7/druid-1.2.7.jar/support/http/resources/js/lang.jsMD5: 7bf9b7e436d26ae2f6081f85652aa9bdSHA1: afdc42f68bca3f5a1f9cc9ab1359f2c6e677b712SHA256: 01df8de92cc333298f4ec87e4e661aa075fc8fd5070632d737b5a6f3864fb9c5Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
Evidence Type Source Name Value Confidence
Related Dependencies seata-all-2.0.0.jar: druid.jar: lang.jsFile Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar/lib/sqlparser/druid.jar/support/http/resources/js/lang.js MD5: 7bf9b7e436d26ae2f6081f85652aa9bd SHA1: afdc42f68bca3f5a1f9cc9ab1359f2c6e677b712 SHA256: 01df8de92cc333298f4ec87e4e661aa075fc8fd5070632d737b5a6f3864fb9c5 dubbo-filter-seata-1.0.2.jarLicense:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/apache/dubbo/extensions/dubbo-filter-seata/1.0.2/dubbo-filter-seata-1.0.2.jar
MD5: 0cb3284693c20e9685f7d94b6844fce9
SHA1: 34be140001a2751b1c963ea0f90087a3ce4d7c14
SHA256: e4f65150b43f82f340e6b9883b16a69737c8feba15cd89b26d42f66a82ba0edc
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
dubbo-filter-seata-1.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name dubbo-filter-seata High Vendor jar package name apache Highest Vendor jar package name dubbo Highest Vendor jar package name seata Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid dubbo-filter-seata Highest Vendor pom artifactid dubbo-filter-seata Low Vendor pom groupid org.apache.dubbo.extensions Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid dubbo-filter-extensions Low Product file name dubbo-filter-seata High Product jar package name apache Highest Product jar package name dubbo Highest Product jar package name seata Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title dubbo-filter-seata High Product Manifest specification-title dubbo-filter-seata Medium Product pom artifactid dubbo-filter-seata Highest Product pom groupid org.apache.dubbo.extensions Highest Product pom name ${project.artifactId} High Product pom parent-artifactid dubbo-filter-extensions Medium Version file version 1.0.2 High Version Manifest Implementation-Version 1.0.2 High Version pom parent-version 1.0.2 Low Version pom version 1.0.2 Highest
CVE-2021-32824 suppress
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-24969 suppress
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
ecj-4.4.2.jarDescription:
Eclipse JDT Core Batch Compiler License:
Eclipse Public License v1.0: http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jdt/core/compiler/ecj/4.4.2/ecj-4.4.2.jar
MD5: ee97ab38f390547839b950bb51bf5cb5
SHA1: 71d67f5bab9465ec844596ef844f40902ae25392
SHA256: 2d6ee21554bbba012b6b0383be6e6587fa35370104e41c10a3eb47039fa3e6d1
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
ecj-4.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name ecj High Vendor jar package name compiler Highest Vendor jar package name core Highest Vendor jar package name eclipse Highest Vendor jar package name jdt Highest Vendor Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Vendor pom artifactid ecj Highest Vendor pom artifactid ecj Low Vendor pom developer email ralphschaer@gmail.com Low Vendor pom developer name Ralph Schaer Medium Vendor pom groupid org.eclipse.jdt.core.compiler Highest Vendor pom name Eclipse ECJ High Vendor pom url http://www.eclipse.org/jdt/ Highest Product file name ecj High Product jar package name compiler Highest Product jar package name core Highest Product jar package name eclipse Highest Product jar package name jdt Highest Product Manifest Bundle-Name Eclipse Compiler for Java(TM) Medium Product Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Product pom artifactid ecj Highest Product pom developer email ralphschaer@gmail.com Low Product pom developer name Ralph Schaer Low Product pom groupid org.eclipse.jdt.core.compiler Highest Product pom name Eclipse ECJ High Product pom url http://www.eclipse.org/jdt/ Medium Version file version 4.4.2 High Version pom version 4.4.2 Highest
elasticjob-lite-core-3.0.4.jar elasticjob-registry-center-zookeeper-curator-3.0.4.jarFile Path: /home/runner/.m2/repository/org/apache/shardingsphere/elasticjob/elasticjob-registry-center-zookeeper-curator/3.0.4/elasticjob-registry-center-zookeeper-curator-3.0.4.jarMD5: 3d0ecbcb86119ab3b05c17b62d50a66aSHA1: 97253eb9acebce2e02b6bfa903f41a057102b7ceSHA256: af31e723c5130c767ad60d52599da6d95a753059a7e39a40770b2892cf12adb5Referenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-data-pipeline-cdc-core:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-data-pipeline-core:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile elasticjob-registry-center-zookeeper-curator-3.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name elasticjob-registry-center-zookeeper-curator High Vendor jar package name apache Highest Vendor jar package name elasticjob Highest Vendor jar package name shardingsphere Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid elasticjob-registry-center-zookeeper-curator Highest Vendor pom artifactid elasticjob-registry-center-zookeeper-curator Low Vendor pom groupid org.apache.shardingsphere.elasticjob Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid elasticjob-regitry-center-provider Low Product file name elasticjob-registry-center-zookeeper-curator High Product jar package name apache Highest Product jar package name elasticjob Highest Product jar package name shardingsphere Highest Product Manifest build-jdk-spec 11 Low Product Manifest Implementation-Title elasticjob-registry-center-zookeeper-curator High Product Manifest specification-title elasticjob-registry-center-zookeeper-curator Medium Product pom artifactid elasticjob-registry-center-zookeeper-curator Highest Product pom groupid org.apache.shardingsphere.elasticjob Highest Product pom name ${project.artifactId} High Product pom parent-artifactid elasticjob-regitry-center-provider Medium Version file version 3.0.4 High Version Manifest Implementation-Version 3.0.4 High Version pom version 3.0.4 Highest
CVE-2022-45347 suppress
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0. CWE-459 Incomplete Cleanup
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44981 suppress
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped.��As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.��Quorum Peer authentication is not enabled by default.
Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.
Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.
See the documentation for more details on correct cluster administration.
CWE-639 Authorization Bypass Through User-Controlled Key
CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-28754 suppress
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.
The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.
This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2016-5017 suppress
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-8012 suppress
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. CWE-862 Missing Authorization
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-0201 suppress
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper���s getACL() command doesn���t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. CWE-862 Missing Authorization
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
error_prone_annotations-2.22.0.jar failsafe-3.3.2.jarDescription:
Fault tolerance and resilience patterns License:
http://apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/dev/failsafe/failsafe/3.3.2/failsafe-3.3.2.jar
MD5: 484218fc76b81fff7ad7378a77ca6231
SHA1: 738a986f1f0e4b6c6a49d351dddc772d1378c5a8
SHA256: 2c5dc879a6dac7ea3a7b29d795e27bd49b8e7908b05c2f3e56053c19d79850f5
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile failsafe-3.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name failsafe High Vendor jar package name dev Highest Vendor jar package name failsafe Highest Vendor Manifest automatic-module-name dev.failsafe Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname dev.failsafe Medium Vendor Manifest multi-release true Low Vendor pom artifactid failsafe Highest Vendor pom artifactid failsafe Low Vendor pom groupid dev.failsafe Highest Vendor pom name Failsafe High Vendor pom parent-artifactid failsafe-parent Low Product file name failsafe High Product jar package name dev Highest Product jar package name failsafe Highest Product Manifest automatic-module-name dev.failsafe Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name Failsafe Medium Product Manifest bundle-symbolicname dev.failsafe Medium Product Manifest Implementation-Title Fault tolerance and resilience patterns High Product Manifest multi-release true Low Product pom artifactid failsafe Highest Product pom groupid dev.failsafe Highest Product pom name Failsafe High Product pom parent-artifactid failsafe-parent Medium Version file version 3.3.2 High Version Manifest Bundle-Version 3.3.2 High Version Manifest Implementation-Version 3.3.2 High Version pom version 3.3.2 Highest
failureaccess-1.0.1.jar fastjson-1.2.83.jarDescription:
Fastjson is a JSON processor (JSON parser + JSON generator) written in Java License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/alibaba/fastjson/1.2.83/fastjson-1.2.83.jar
MD5: ec12f33fe03e6ec07fdd9bc7a0624074
SHA1: 9ee94951bc107d382519975d04bc950b6c6ab297
SHA256: 641a4d65ab32fbfdccd9c718e3f83ebc4caabdb5e4fe5b3d51527c5fe692631d
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
fastjson-1.2.83.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name fastjson High Vendor jar package name alibaba Highest Vendor jar package name alibaba Low Vendor jar package name fastjson Highest Vendor jar package name fastjson Low Vendor jar package name parser Highest Vendor pom artifactid fastjson Highest Vendor pom artifactid fastjson Low Vendor pom developer email 654815312@qq.com Low Vendor pom developer email 89921218@qq.com Low Vendor pom developer email email_dsl@163.com Low Vendor pom developer email iamaxman@hotmail.com Low Vendor pom developer email kimmking@163.com Low Vendor pom developer email szujobs@hotmail.com Low Vendor pom developer email Victor.Zxy@outlook.com Low Vendor pom developer id axmanwang Medium Vendor pom developer id kimmking Medium Vendor pom developer id Neil Dong Medium Vendor pom developer id Omega-Ariston Medium Vendor pom developer id Victor Zeng Medium Vendor pom developer id wenshao Medium Vendor pom developer name axmanwang Medium Vendor pom developer name Jiechuan Chen Medium Vendor pom developer name kimmking Medium Vendor pom developer name Neil Dong Medium Vendor pom developer name Victor Zeng Medium Vendor pom developer name wenshao Medium Vendor pom developer name 李恒名 Medium Vendor pom groupid com.alibaba Highest Vendor pom name fastjson High Vendor pom organization name Alibaba Group High Vendor pom organization url alibaba Medium Vendor pom url alibaba/fastjson Highest Product file name fastjson High Product jar package name alibaba Highest Product jar package name fastjson Highest Product jar package name fastjson Low Product jar package name parser Highest Product pom artifactid fastjson Highest Product pom developer email 654815312@qq.com Low Product pom developer email 89921218@qq.com Low Product pom developer email email_dsl@163.com Low Product pom developer email iamaxman@hotmail.com Low Product pom developer email kimmking@163.com Low Product pom developer email szujobs@hotmail.com Low Product pom developer email Victor.Zxy@outlook.com Low Product pom developer id axmanwang Low Product pom developer id kimmking Low Product pom developer id Neil Dong Low Product pom developer id Omega-Ariston Low Product pom developer id Victor Zeng Low Product pom developer id wenshao Low Product pom developer name axmanwang Low Product pom developer name Jiechuan Chen Low Product pom developer name kimmking Low Product pom developer name Neil Dong Low Product pom developer name Victor Zeng Low Product pom developer name wenshao Low Product pom developer name 李恒名 Low Product pom groupid com.alibaba Highest Product pom name fastjson High Product pom organization name Alibaba Group Low Product pom url alibaba High Product pom url alibaba/fastjson High Version file version 1.2.83 High Version pom version 1.2.83 Highest
findbugs-annotations-1.3.9-1.jarDescription:
A clean room implementation of the Findbugs Annotations based entirely on the specification provided
by the javadocs and at http://findbugs.sourceforge.net/manual/annotations.html.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/stephenc/findbugs/findbugs-annotations/1.3.9-1/findbugs-annotations-1.3.9-1.jar
MD5: 70fda5202eb9d9ce4f250f2c2ba71152
SHA1: a6b11447635d80757d64b355bed3c00786d86801
SHA256: 1e651066ed9ae35d7e3001d635d1dbba1c2965db0e4e33e2c14ad610543f225c
Referenced In Projects/Scopes: shardingsphere-infra-database-hive:provided shardingsphere-proxy-backend-hbase:compile findbugs-annotations-1.3.9-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hbase/hbase-shaded-client@1.7.1 pkg:maven/org.apache.hive/hive-jdbc@3.1.3 Evidence Type Source Name Value Confidence Vendor file name findbugs-annotations High Vendor jar package name cs Low Vendor jar package name edu Low Vendor jar package name findbugs Highest Vendor jar package name umd Low Vendor pom artifactid findbugs-annotations Highest Vendor pom artifactid findbugs-annotations Low Vendor pom developer id stephenc Medium Vendor pom developer name Stephen Connolly Medium Vendor pom groupid com.github.stephenc.findbugs Highest Vendor pom name Findbugs Annotations under Apache License High Vendor pom url http://stephenc.github.com/findbugs-annotations Highest Product file name findbugs-annotations High Product jar package name cs Low Product jar package name findbugs Highest Product jar package name findbugs Low Product jar package name umd Low Product pom artifactid findbugs-annotations Highest Product pom developer id stephenc Low Product pom developer name Stephen Connolly Low Product pom groupid com.github.stephenc.findbugs Highest Product pom name Findbugs Annotations under Apache License High Product pom url http://stephenc.github.com/findbugs-annotations Medium Version pom version 1.3.9-1 Highest
freemarker-2.3.31.jarDescription:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/freemarker/freemarker/2.3.31/freemarker-2.3.31.jar
MD5: 962b1ff657a58cb26a9bbccb2a84d2bd
SHA1: cd4fc0942b4a8bdb19f3b669aa42136fb54feb55
SHA256: 68ecb4c5aa4934b7b50c38b0e495d7589e52dfb9d28b964ac2008b72090bfaae
Referenced In Projects/Scopes: shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile freemarker-2.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name freemarker High Vendor jar package name freemarker Highest Vendor jar package name template Highest Vendor Manifest automatic-module-name freemarker Medium Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7 Low Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor Manifest extension-name FreeMarker Medium Vendor Manifest Implementation-Vendor freemarker.org High Vendor Manifest specification-vendor freemarker.org Low Vendor pom artifactid freemarker Highest Vendor pom artifactid freemarker Low Vendor pom groupid org.freemarker Highest Vendor pom name Apache FreeMarker High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://apache.org Medium Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url https://freemarker.apache.org/ Highest Product file name freemarker High Product jar package name freemarker Highest Product jar package name template Highest Product Manifest automatic-module-name freemarker Medium Product Manifest Bundle-Name org.freemarker.freemarker Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7 Low Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product Manifest extension-name FreeMarker Medium Product Manifest Implementation-Title FreeMarker High Product Manifest specification-title FreeMarker Medium Product pom artifactid freemarker Highest Product pom groupid org.freemarker Highest Product pom name Apache FreeMarker High Product pom organization name Apache Software Foundation Low Product pom organization url http://apache.org Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url https://freemarker.apache.org/ Medium Version file version 2.3.31 High Version Manifest Implementation-Version 2.3.31 High Version pom parent-version 2.3.31 Low Version pom version 2.3.31 Highest
groovy-4.0.19.jar grpc-core-1.58.0.jarDescription:
gRPC: Core License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /home/runner/.m2/repository/io/grpc/grpc-core/1.58.0/grpc-core-1.58.0.jar
MD5: 8de3aeacb6126f080226c66f469b45ed
SHA1: 5a0fa4249397504443f7609754bf0acb50e0a0c5
SHA256: 93c8880824ee124b91c31f0f1052f86372719d6ece6e4be1c591b7d6dc639f5f
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile grpc-core-1.58.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name grpc-core High Vendor jar package name grpc Highest Vendor jar package name internal Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name io.grpc.internal Medium Vendor pom artifactid grpc-core Highest Vendor pom artifactid grpc-core Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-core High Vendor pom url grpc/grpc-java Highest Product file name grpc-core High Product jar package name grpc Highest Product jar package name internal Highest Product jar package name io Highest Product Manifest automatic-module-name io.grpc.internal Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-core Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-core High Product pom url grpc/grpc-java High Version file version 1.58.0 High Version Manifest Implementation-Version 1.58.0 High Version pom version 1.58.0 Highest
Related Dependencies grpc-api-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-api/1.58.0/grpc-api-1.58.0.jar MD5: 366ec27b50806e079e363eee6087fa18 SHA1: 1f761949cdfd418a5f662e0d22d2c95f60099c0b SHA256: d688d25f4f533979df2fcd0881e1e30c2928e5b654ff09bf1440923282b0d945 pkg:maven/io.grpc/grpc-api@1.58.0 grpc-context-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-context/1.58.0/grpc-context-1.58.0.jar MD5: ce89a1e1593c574f12066215cd2625c9 SHA1: eae1e3ed15e40e3bd5c080a9bbb9a8eb1770afb7 SHA256: 3a7626d13084958bcdeab59412e4ec873f07c8315ff2510d363856fac7fadc51 pkg:maven/io.grpc/grpc-context@1.58.0 grpc-grpclb-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-grpclb/1.58.0/grpc-grpclb-1.58.0.jar MD5: 14b42aec36bd428d2a47bd96a4072787 SHA1: 1d4e60a8053e583fd23b002c468df715ce7ffdab SHA256: a2bc4555451c58c1fb0d3ad49e9b97963bb731aab7a710efaa7d5bc92c22ae53 pkg:maven/io.grpc/grpc-grpclb@1.58.0 grpc-netty-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-netty/1.58.0/grpc-netty-1.58.0.jar MD5: 0112f3f3df09d7397bb10663d49f1395 SHA1: 96ae48464ce0496e08c6a1c27a75e2135214fc7a SHA256: 31ffea0cf52351657c34cd476050cea41f61cb2d15863d3424fe457e7d7cac0a pkg:maven/io.grpc/grpc-netty@1.58.0 grpc-stub-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-stub/1.58.0/grpc-stub-1.58.0.jar MD5: e6ca139c13871aa1e119f089c2b78e52 SHA1: 6bba82c4e3298ffbc2faa182821c98f6e3903d77 SHA256: 1af7bbc56be7b1131c1322ba183126dd050306f91128193f4b9bd5ea71ac8c88 pkg:maven/io.grpc/grpc-stub@1.58.0 grpc-util-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-util/1.58.0/grpc-util-1.58.0.jar MD5: 46677a596c2ad603904c7d991195b686 SHA1: 1e95f31fe99adb642ec9d800ed950b438dfd0e50 SHA256: 9e8999d98523fb975c7a316bd524671576c1c638b1b1fd357340bb90be14b5db pkg:maven/io.grpc/grpc-util@1.58.0 CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
grpc-protobuf-1.58.0.jarDescription:
gRPC: Protobuf License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /home/runner/.m2/repository/io/grpc/grpc-protobuf/1.58.0/grpc-protobuf-1.58.0.jar
MD5: 295548dff6c4a2250b8026d6a6693869
SHA1: 2e16536d0b9c27e7b28bf916a528aa92e9ea872d
SHA256: 77f16774992d5802cfeef7a9d00b3a3f9a82d324ce1cab7f84c6f1a0df5a39c3
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile grpc-protobuf-1.58.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 Evidence Type Source Name Value Confidence Vendor file name grpc-protobuf High Vendor jar package name grpc Highest Vendor jar package name io Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name io.grpc.protobuf Medium Vendor pom artifactid grpc-protobuf Highest Vendor pom artifactid grpc-protobuf Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-protobuf High Vendor pom url grpc/grpc-java Highest Product file name grpc-protobuf High Product jar package name grpc Highest Product jar package name io Highest Product jar package name protobuf Highest Product Manifest automatic-module-name io.grpc.protobuf Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-protobuf Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-protobuf High Product pom url grpc/grpc-java High Version file version 1.58.0 High Version Manifest Implementation-Version 1.58.0 High Version pom version 1.58.0 Highest
Related Dependencies grpc-protobuf-lite-1.58.0.jarFile Path: /home/runner/.m2/repository/io/grpc/grpc-protobuf-lite/1.58.0/grpc-protobuf-lite-1.58.0.jar MD5: 3bea909f29e5c8aba61fa86d9f30f419 SHA1: 60498c6688075a698ea3285587ed318aaf18d9db SHA256: f5d2a3f601620db036f72d51bde4a19f939ac7618058e5743fb3599e778992e7 pkg:maven/io.grpc/grpc-protobuf-lite@1.58.0 CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
gson-2.10.1.jarDescription:
Gson JSON library License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256: 4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Projects/Scopes: shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-cdc-protocol:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-global-clock-tso-provider-redis:provided shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-data-pipeline-cdc-client:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile gson-2.10.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-protocol@5.5.1-SNAPSHOT pkg:maven/com.google.protobuf/protobuf-java-util@3.21.12 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/redis.clients/jedis@4.4.6 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-client@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Vendor Manifest bundle-docurl https://github.com/google/gson/gson Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest multi-release true Low Vendor pom artifactid gson Highest Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Product Manifest bundle-docurl https://github.com/google/gson/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest multi-release true Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.10.1 High Version Manifest Bundle-Version 2.10.1 High Version pom version 2.10.1 Highest
guava-32.1.2-jre.jar guice-3.0.jarDescription:
Guice is a lightweight dependency injection framework for Java 5 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/inject/guice/3.0/guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa
SHA256: 1a59d0421ffd355cc0b70b42df1c2e9af744c8a2d0c92da379f5fca2f07f1d22
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
guice-3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name guice High Vendor jar package name google Highest Vendor jar package name guice Highest Vendor jar package name inject Highest Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor Manifest bundle-docurl http://code.google.com/p/google-guice/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.google.inject Medium Vendor pom artifactid guice Highest Vendor pom artifactid guice Low Vendor pom groupid com.google.inject Highest Vendor pom name Google Guice - Core Library High Vendor pom parent-artifactid guice-parent Low Product file name guice High Product jar package name dependency Highest Product jar package name google Highest Product jar package name guice Highest Product jar package name inject Highest Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product Manifest bundle-docurl http://code.google.com/p/google-guice/ Low Product Manifest Bundle-Name guice Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low Product Manifest bundle-symbolicname com.google.inject Medium Product pom artifactid guice Highest Product pom groupid com.google.inject Highest Product pom name Google Guice - Core Library High Product pom parent-artifactid guice-parent Medium Version file version 3.0 High Version pom version 3.0 Highest
guice-servlet-3.0.jarDescription:
Guice is a lightweight dependency injection framework for Java 5 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/inject/extensions/guice-servlet/3.0/guice-servlet-3.0.jar
MD5: c9f66a5f6a0d840d9057b30853f25b85
SHA1: 610cde0e8da5a8b7d8efb8f0b8987466ffebaaf9
SHA256: 9e72a4b8582888d53c2f4297e93276a3c14c82880124490f2da7b16a9df1c618
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
guice-servlet-3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name guice-servlet High Vendor jar package name google Highest Vendor jar package name inject Highest Vendor jar package name servlet Highest Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor Manifest bundle-docurl http://code.google.com/p/google-guice/ Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.google.inject.servlet Medium Vendor pom artifactid guice-servlet Highest Vendor pom artifactid guice-servlet Low Vendor pom groupid com.google.inject.extensions Highest Vendor pom name Google Guice - Extensions - Servlet High Vendor pom parent-artifactid extensions-parent Low Product file name guice-servlet High Product jar package name google Highest Product jar package name inject Highest Product jar package name servlet Highest Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product Manifest bundle-docurl http://code.google.com/p/google-guice/ Low Product Manifest Bundle-Name guice-servlet Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low Product Manifest bundle-symbolicname com.google.inject.servlet Medium Product pom artifactid guice-servlet Highest Product pom groupid com.google.inject.extensions Highest Product pom name Google Guice - Extensions - Servlet High Product pom parent-artifactid extensions-parent Medium Version file version 3.0 High Version pom version 3.0 Highest
h2-2.2.224.jarDescription:
H2 Database Engine License:
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php File Path: /home/runner/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar
MD5: 769d5a85d19ccc2b06620f8c81d6d8f8
SHA1: 7bdade27d8cd197d9b5ce9dc251f41d2edc5f7ad
SHA256: b9d8f19358ada82a4f6eb5b174c6cfe320a375b5a9cb5a4fe456d623e6e55497
Referenced In Projects/Scopes: shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-standalone-mode-repository-jdbc:runtime shardingsphere-proxy-distribution:runtime shardingsphere-jdbc:runtime h2-2.2.224.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name h2 High Vendor jar package name database Highest Vendor jar package name engine Highest Vendor jar package name h2 Highest Vendor Manifest automatic-module-name com.h2database Medium Vendor Manifest bundle-category jdbc Low Vendor Manifest bundle-symbolicname com.h2database Medium Vendor Manifest implementation-url https://h2database.com Low Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low Vendor pom artifactid h2 Highest Vendor pom artifactid h2 Low Vendor pom developer email thomas.tom.mueller at gmail dot com Low Vendor pom developer id thomas.tom.mueller Medium Vendor pom developer name Thomas Mueller Medium Vendor pom groupid com.h2database Highest Vendor pom name H2 Database Engine High Vendor pom url https://h2database.com Highest Product file name h2 High Product jar package name database Highest Product jar package name engine Highest Product jar package name h2 Highest Product jar package name jdbc Highest Product jar package name org Highest Product jar package name service Highest Product Manifest automatic-module-name com.h2database Medium Product Manifest bundle-category jdbc Low Product Manifest Bundle-Name H2 Database Engine Medium Product Manifest bundle-symbolicname com.h2database Medium Product Manifest Implementation-Title H2 Database Engine High Product Manifest implementation-url https://h2database.com Low Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low Product pom artifactid h2 Highest Product pom developer email thomas.tom.mueller at gmail dot com Low Product pom developer id thomas.tom.mueller Low Product pom developer name Thomas Mueller Low Product pom groupid com.h2database Highest Product pom name H2 Database Engine High Product pom url https://h2database.com Medium Version file version 2.2.224 High Version Manifest Bundle-Version 2.2.224 High Version Manifest Implementation-Version 2.2.224 High Version pom version 2.2.224 Highest
CVE-2018-14335 (OSSINDEX) suppress
h2database - Improper Link Resolution Before File Access
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv3:
Base Score: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.h2database:h2:2.2.224:*:*:*:*:*:*:* h2-2.2.224.jar: data.zip: table.jsFile Path: /home/runner/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/table.jsMD5: f374e067dff4b106b77abab77b360d8bSHA1: 67d0af73251e86e079f1db4b837920309a1a3993SHA256: 75e452b34b317d0a8c630b9ac469db3d82988e221d41adc17cf1bab3c0e88c78Referenced In Projects/Scopes:
shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-standalone-mode-repository-jdbc:runtime shardingsphere-proxy-distribution:runtime shardingsphere-jdbc:runtime Evidence Type Source Name Value Confidence
h2-2.2.224.jar: data.zip: tree.jsFile Path: /home/runner/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.jsMD5: 760f137680a67ae829c2000c4156e050SHA1: d947ebba0777d68aa9397fc7d8b04ce2a725c12bSHA256: 2bb3d968d50a5d96912f77552d772184d0213e2601895517ba53afa64dc433edReferenced In Projects/Scopes:
shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-standalone-mode-repository-jdbc:runtime shardingsphere-proxy-distribution:runtime shardingsphere-jdbc:runtime Evidence Type Source Name Value Confidence
hadoop-yarn-common-2.7.1.jar: jquery-1.8.2.min.js.gz: jquery-1.8.2.min.jsFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar/webapps/static/jquery/jquery-1.8.2.min.js.gz/jquery-1.8.2.min.jsMD5: cfa9051cc0b05eb519f1e16b2a6645d7SHA1: 149b5180cb9de3f646fc26802440a6ac6e758d40SHA256: f23d4b309b72743aa8afe1f8c98a25b3ee31246fa572c66d9d8cb1982cae4fbcReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.8.2.min High
CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-7656 suppress
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.9.0 cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates (RETIREJS) suppress
jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates Unscored:
References:
hadoop-yarn-common-2.7.1.jar: jquery-ui-1.9.1.custom.min.js.gz: jquery-ui-1.9.1.custom.min.jsFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar/webapps/static/jquery/jquery-ui-1.9.1.custom.min.js.gz/jquery-ui-1.9.1.custom.min.jsMD5: ab92e49c769e9593ff52cbdb48a9dd03SHA1: 43751816cc0b6480e8fb3b2398952d6a865e8b89SHA256: 1fb0b66548624c8cf9ebf2d0c81970910ab0c8031a8ada6f8e6f884114344e8dReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name jquery-ui High Vendor file name jquery-ui-dialog High Product file name jquery-ui High Product file name jquery-ui-dialog High Version file version 1.9.1 High
CVE-2010-5312 suppress
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - VENDOR_ADVISORY info - http://bugs.jqueryui.com/ticket/6016 info - https://nvd.nist.gov/vuln/detail/CVE-2010-5312 Vulnerable Software & Versions (NVD):
cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.10.0 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* CVE-2016-7103 suppress
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://github.com/jquery/api.jqueryui.com/issues/281 info - https://nvd.nist.gov/vuln/detail/CVE-2016-7103 info - https://snyk.io/vuln/npm:jquery-ui:20160721 Vulnerable Software & Versions (NVD):
cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42 cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4 cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* CVE-2021-41182 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc info - https://nvd.nist.gov/vuln/detail/CVE-2021-41182 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41183 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://bugs.jqueryui.com/ticket/15284 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41183 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - ISSUE_TRACKING,VENDOR_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41184 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41184 security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,PATCH,VENDOR_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2022-31160 suppress
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:* cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2 cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* hadoop-yarn-common-2.7.1.jar: jquery.dataTables.min.js.gz: jquery.dataTables.min.jsFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar/webapps/static/dt-1.9.4/js/jquery.dataTables.min.js.gz/jquery.dataTables.min.jsMD5: dd02e31cea8b6f07d665e5a0d0b53f50SHA1: 98c517335f66552467f2372e1cd650f93cbffeafSHA256: 1783d49bec463c334d276a72d3b239f6366f6487c2e77e544838e8c6dcc657d9Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hadoop-yarn-common-2.7.1.jar: jquery.jstree.js.gz: jquery.jstree.jsFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar/webapps/static/jt/jquery.jstree.js.gz/jquery.jstree.jsMD5: 90107823a51eda2bbe77a6b2baac3466SHA1: 89944976806fcac399356f8d698952473f936489SHA256: 9dcb812e3e7f2c38f0c93a37e4aa923ce3a74ab65a97656957ff3fb780baf3d0Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hadoop-yarn-common-2.7.1.jar: yarn.dt.plugins.jsFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar/webapps/static/yarn.dt.plugins.jsMD5: 92892ffa06992a58682b3df403910d8fSHA1: 6c45673282b91be2d21977d3ffb53797179e4854SHA256: f3b3e49f23c491bbd0d3e15fbd1a7e60315e6cac4c2e8ba7be7ab1c058880ba1Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hadoop-yarn-server-common-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-server-common/2.7.1/hadoop-yarn-server-common-2.7.1.jarMD5: 6cc1420cc2bb6847039f397cae8a997cSHA1: cc984982dff120fd92f832054d718712240ca36bSHA256: 07c1568a7f38f63cc8f1f804dc6bff8938851c7dd22e5264b35def24668bb5daReferenced In Project/Scope: shardingsphere-infra-database-hive:providedhadoop-yarn-server-common-2.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hadoop-yarn-server-common High Vendor jar package name apache Highest Vendor jar package name apache Low Vendor jar package name hadoop Highest Vendor jar package name hadoop Low Vendor jar package name server Highest Vendor jar package name yarn Highest Vendor jar package name yarn Low Vendor pom artifactid hadoop-yarn-server-common Highest Vendor pom artifactid hadoop-yarn-server-common Low Vendor pom groupid org.apache.hadoop Highest Vendor pom name hadoop-yarn-server-common High Vendor pom parent-artifactid hadoop-yarn-server Low Product file name hadoop-yarn-server-common High Product jar package name apache Highest Product jar package name hadoop Highest Product jar package name hadoop Low Product jar package name server Highest Product jar package name server Low Product jar package name yarn Highest Product jar package name yarn Low Product pom artifactid hadoop-yarn-server-common Highest Product pom groupid org.apache.hadoop Highest Product pom name hadoop-yarn-server-common High Product pom parent-artifactid hadoop-yarn-server Medium Version file version 2.7.1 High Version pom version 2.7.1 Highest
Related Dependencies hadoop-annotations-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-annotations/2.7.1/hadoop-annotations-2.7.1.jar MD5: 9241fc042f90a1939cbb7d4ed6099f4b SHA1: 2a77fe74ee056bf45598cf7e20cd624e8388e627 SHA256: 34021c7406f283e1cc4ee5a33172e9fc3d37ce5f19774f7d9c680c06e3a3f172 pkg:maven/org.apache.hadoop/hadoop-annotations@2.7.1 hadoop-auth-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-auth/2.7.1/hadoop-auth-2.7.1.jar MD5: 77ca28aa2e8ac6b180c3ee30f0cd28e1 SHA1: 2515f339f97f1d7ba850485e06e395a58586bc2e SHA256: e8538f39ea0cf6a11d6961749df89b1fe4d51a3f7bc54c276440e3895e72b8ef pkg:maven/org.apache.hadoop/hadoop-auth@2.7.1 hadoop-client-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-client/2.7.1/hadoop-client-2.7.1.jar MD5: 34552f854720759214db5e9064d2f7af SHA1: dbc2faacd210e6a1e3eb7def6e42065c7457d960 SHA256: 7eef4e1162da1129bfdf59dd390bcb90c33332db4aeaeec37efc701413361051 pkg:maven/org.apache.hadoop/hadoop-client@2.7.1 hadoop-common-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-common/2.7.1/hadoop-common-2.7.1.jar MD5: d4fdc0f464f95c18dc46458945523d1c SHA1: 50580f5ebab60b1b318ad157f668d8e40a1cc0da SHA256: 6516a7d3c1427dcd2d156328bd6b3d25003b04b6bad43fe4a50348a9f144f4e2 pkg:maven/org.apache.hadoop/hadoop-common@2.7.1 hadoop-distcp-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-distcp/2.7.1/hadoop-distcp-2.7.1.jar MD5: 161d2ed400cb3d8dddb2116d2c591854 SHA1: cfa5eed3bc298f5b76417c45052a940e51747eb9 SHA256: b9e34cc51dace65c134def69074a3d9b444f3ca1d950632131dec9da2cf59f17 pkg:maven/org.apache.hadoop/hadoop-distcp@2.7.1 hadoop-hdfs-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-hdfs/2.7.1/hadoop-hdfs-2.7.1.jar MD5: de1a82806696af4c4062419579747d51 SHA1: 11681de93a4cd76c841e352b7094f839b072a21f SHA256: 0805a343908d1718b8fdb343f3a80a88a3f737fccdd219174b997410382f4032 pkg:maven/org.apache.hadoop/hadoop-hdfs@2.7.1 hadoop-mapreduce-client-app-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-mapreduce-client-app/2.7.1/hadoop-mapreduce-client-app-2.7.1.jar MD5: 8b400cbfa97f32b4f3369b7af27a3f9d SHA1: 8050f2a7dc051b54817b81585558f32aecd65ce0 SHA256: 928c174b486eafee24c02c6a47b2b7a50d3c92468894696ba9f86c0e661084b9 pkg:maven/org.apache.hadoop/hadoop-mapreduce-client-app@2.7.1 hadoop-mapreduce-client-common-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-mapreduce-client-common/2.7.1/hadoop-mapreduce-client-common-2.7.1.jar MD5: a4b4ec472bbd6a154021efe4a81f1934 SHA1: 116100a4016451a98733489fc1227925b2dd4a4a SHA256: 11217152a529e5916d46c67410a057fb87e2b8fefe06118c075a3b8339de9ce0 pkg:maven/org.apache.hadoop/hadoop-mapreduce-client-common@2.7.1 hadoop-mapreduce-client-core-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-mapreduce-client-core/2.7.1/hadoop-mapreduce-client-core-2.7.1.jar MD5: 069f25d2ef1ce6d2fa4a343fe4299f01 SHA1: de969defb8b8d788481f609b42e3f7b5cbe41c76 SHA256: 8af6691384f6cc3996aa0b8224bdeec28059210a2a0a3bd85dbd4af918a2d430 pkg:maven/org.apache.hadoop/hadoop-mapreduce-client-core@2.7.1 hadoop-mapreduce-client-jobclient-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-mapreduce-client-jobclient/2.7.1/hadoop-mapreduce-client-jobclient-2.7.1.jar MD5: e99d0893347ffa29cb988379fe6a02c0 SHA1: f68441815faca5419eb5e8ab906ba21f14a23600 SHA256: 54f05ecf8e87f05e8604b5ad4d8abf92feb473e303bacca9f983be75ea39d2c5 pkg:maven/org.apache.hadoop/hadoop-mapreduce-client-jobclient@2.7.1 hadoop-mapreduce-client-shuffle-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-mapreduce-client-shuffle/2.7.1/hadoop-mapreduce-client-shuffle-2.7.1.jar MD5: 4f0609cbfb6d6bfab890dcde9d25d1f5 SHA1: 4c8e530a0e24142380a548e3d29b411443ae86f6 SHA256: 695f00f41bd1cd15b3ca26f139fb031565becd2635315211203c4e685e165e6a pkg:maven/org.apache.hadoop/hadoop-mapreduce-client-shuffle@2.7.1 hadoop-yarn-api-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-api/2.7.1/hadoop-yarn-api-2.7.1.jar MD5: 55e85d2ee4fc6e611f13453f8a12c0b7 SHA1: 91840e1f4f0caec10aad4d460470a98db6a4cbe8 SHA256: 8144c8c6df3bc2f5bdd67026fb2bfe009a9acc46cb5f112878b70e928abb10d2 pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.7.1 hadoop-yarn-client-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-client/2.7.1/hadoop-yarn-client-2.7.1.jar MD5: 5ddc298626059b9216d7624407820d93 SHA1: d138b9194b64c6883270f4606a07d55203cd5ddd SHA256: 4ae0e9c6d14d4edd3d9357734e3ae81c13a75556515778faf3081923115dbfdc pkg:maven/org.apache.hadoop/hadoop-yarn-client@2.7.1 hadoop-yarn-common-2.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hadoop/hadoop-yarn-common/2.7.1/hadoop-yarn-common-2.7.1.jar MD5: c8b01676b904f757d90bd827b429ff98 SHA1: d6412e04f64f191bde1467c0662f1f014ac5dc85 SHA256: 469fa2ba1e8b6614fd2b5b50ea5459fbc88213a37c27f6076457f929647268b2 pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.7.1 CVE-2016-3086 suppress
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-25168 suppress
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-26612 suppress
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5393 suppress
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. CWE-284 Improper Access Control
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-6811 suppress
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-8009 suppress
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-8029 suppress
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9492 suppress
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-33036 suppress
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. CWE-24 Path Traversal: '../filedir', CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-3166 suppress
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: MEDIUM (4.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11768 suppress
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1296 suppress
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-15713 suppress
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2016-5001 suppress
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hamcrest-2.2.jarDescription:
Core API and libraries of hamcrest matcher framework. License:
BSD License 3: http://opensource.org/licenses/BSD-3-Clause File Path: /home/runner/.m2/repository/org/hamcrest/hamcrest/2.2/hamcrest-2.2.jar
MD5: 10b47e837f271d0662f28780e60388e8
SHA1: 1820c0968dba3a11a1b30669bb1f01978a91dedc
SHA256: 5e62846a89f05cd78cd9c1a553f340d002458380c320455dd1f8fc5497a8a1c1
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile shardingsphere-test-it-yaml:compile hamcrest-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name hamcrest High Vendor jar package name core Highest Vendor jar package name hamcrest Highest Vendor jar package name matcher Highest Vendor Manifest automatic-module-name org.hamcrest Medium Vendor Manifest bundle-symbolicname org.hamcrest Medium Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom artifactid hamcrest Highest Vendor pom artifactid hamcrest Low Vendor pom developer id joewalnes Medium Vendor pom developer id npryce Medium Vendor pom developer id sf105 Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name Nat Pryce Medium Vendor pom developer name Steve Freeman Medium Vendor pom groupid org.hamcrest Highest Vendor pom name Hamcrest High Vendor pom url http://hamcrest.org/JavaHamcrest/ Highest Product file name hamcrest High Product jar package name core Highest Product jar package name hamcrest Highest Product jar package name matcher Highest Product Manifest automatic-module-name org.hamcrest Medium Product Manifest Bundle-Name hamcrest Medium Product Manifest bundle-symbolicname org.hamcrest Medium Product Manifest Implementation-Title hamcrest High Product pom artifactid hamcrest Highest Product pom developer id joewalnes Low Product pom developer id npryce Low Product pom developer id sf105 Low Product pom developer name Joe Walnes Low Product pom developer name Nat Pryce Low Product pom developer name Steve Freeman Low Product pom groupid org.hamcrest Highest Product pom name Hamcrest High Product pom url http://hamcrest.org/JavaHamcrest/ Medium Version file version 2.2 High Version Manifest Bundle-Version 2.2 High Version Manifest Implementation-Version 2.2 High Version pom version 2.2 Highest
hbase-hadoop2-compat-2.0.0-alpha4.jarDescription:
Interfaces to be implemented in order to smooth
over hadoop version differences
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-hadoop2-compat/2.0.0-alpha4/hbase-hadoop2-compat-2.0.0-alpha4.jarMD5: 38fcdf060060ae5d9c9a227d69e3ff04SHA1: e0606310f971f725f1125710ed15396c8e9e68dcSHA256: 55104b576bbe9163eaae2de771c531677fba40d13a5b037bdc2fc2e3742a0809Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhbase-hadoop2-compat-2.0.0-alpha4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hbase-hadoop2-compat High Vendor jar package name apache Highest Vendor jar package name hadoop Highest Vendor jar package name hbase Highest Vendor Manifest implementation-url http://hbase.apache.org/hbase-build-configuration/hbase-hadoop2-compat Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hbase Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hbase-hadoop2-compat Highest Vendor pom artifactid hbase-hadoop2-compat Low Vendor pom groupid org.apache.hbase Highest Vendor pom name Apache HBase - Hadoop Two Compatibility High Vendor pom parent-artifactid hbase-build-configuration Low Product file name hbase-hadoop2-compat High Product jar package name apache Highest Product jar package name hadoop Highest Product jar package name hbase Highest Product Manifest Implementation-Title Apache HBase - Hadoop Two Compatibility High Product Manifest implementation-url http://hbase.apache.org/hbase-build-configuration/hbase-hadoop2-compat Low Product Manifest specification-title Apache HBase - Hadoop Two Compatibility Medium Product pom artifactid hbase-hadoop2-compat Highest Product pom groupid org.apache.hbase Highest Product pom name Apache HBase - Hadoop Two Compatibility High Product pom parent-artifactid hbase-build-configuration Medium Version Manifest Implementation-Version 2.0.0-alpha4 High Version pom version 2.0.0-alpha4 Highest
CVE-2022-25168 suppress
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-26612 suppress
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-8009 suppress
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9492 suppress
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-0212 suppress
In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-3162 suppress
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-3161 suppress
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2016-5001 suppress
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-server-2.0.0-alpha4.jarDescription:
Server functionality for HBase File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-server/2.0.0-alpha4/hbase-server-2.0.0-alpha4.jarMD5: 22c86e37152d18a19393ef334002e3a7SHA1: e546c6af993ff483d3be4ed6dd6b9e32173771d4SHA256: 019b532e0f2c19016100c6b004750fe453b57b4861d50af5e05fc070d9032095Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhbase-server-2.0.0-alpha4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hbase-server High Vendor jar package name apache Highest Vendor jar package name hbase Highest Vendor jar package name server Highest Vendor Manifest implementation-url http://hbase.apache.org/hbase-build-configuration/hbase-server Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hbase Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hbase-server Highest Vendor pom artifactid hbase-server Low Vendor pom groupid org.apache.hbase Highest Vendor pom name Apache HBase - Server High Vendor pom parent-artifactid hbase-build-configuration Low Product file name hbase-server High Product jar package name apache Highest Product jar package name hbase Highest Product jar package name server Highest Product Manifest Implementation-Title Apache HBase - Server High Product Manifest implementation-url http://hbase.apache.org/hbase-build-configuration/hbase-server Low Product Manifest specification-title Apache HBase - Server Medium Product pom artifactid hbase-server Highest Product pom groupid org.apache.hbase Highest Product pom name Apache HBase - Server High Product pom parent-artifactid hbase-build-configuration Medium Version Manifest Implementation-Version 2.0.0-alpha4 High Version pom version 2.0.0-alpha4 Highest
Related Dependencies hbase-client-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-client/2.0.0-alpha4/hbase-client-2.0.0-alpha4.jar MD5: f9a3a77358069e0d12317a0a5eb97f33 SHA1: d58bddfa107ea0bdf0a1ef9f9d7e1626a50a1299 SHA256: 6c3fa637f6ee50ce9fc155e416859224704d4a91006d7392c507579f5a6c18c0 pkg:maven/org.apache.hbase/hbase-client@2.0.0-alpha4 hbase-common-2.0.0-alpha4-tests.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-common/2.0.0-alpha4/hbase-common-2.0.0-alpha4-tests.jar MD5: d8f3fabf6e6c761c3a3b3e0bd9c2b2b8 SHA1: 4387a31bd61d51b7de9bce354c89dc5c5b8c1768 SHA256: 6dee8a55d6e669f2193893b770c7c0ce76caa8a7f985a5f78a2a6e16b51a0153 pkg:maven/org.apache.hbase/hbase-common@2.0.0-alpha4 hbase-common-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-common/2.0.0-alpha4/hbase-common-2.0.0-alpha4.jar MD5: 79b7bfa636d7d36b7cc88aa9460f8d02 SHA1: 9a782bd40f6a5d8537db98439d69cf562b8071a9 SHA256: b5a478b3fa015f16338e2f673e43aa7718d3ec2e4fb902d1fbac8c98b8323441 pkg:maven/org.apache.hbase/hbase-common@2.0.0-alpha4 hbase-hadoop-compat-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-hadoop-compat/2.0.0-alpha4/hbase-hadoop-compat-2.0.0-alpha4.jar MD5: 81144903e3790bd0ff2eda5febcebc07 SHA1: 4bfa09be1f7c2cbd89447ef390fb39aa3c676543 SHA256: 832fbb83e61a1186cda962d1112075ab012bec5156aefbaf6afca9eda23e5ce0 pkg:maven/org.apache.hbase/hbase-hadoop-compat@2.0.0-alpha4 hbase-http-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-http/2.0.0-alpha4/hbase-http-2.0.0-alpha4.jar MD5: 0c3ae940514f94228d0631eb0bd8a692 SHA1: 29fdb3f9c2a61469f8f80dcb8912862dfdd30a40 SHA256: 890618c27cee37544cfc65245513a4f180e6a38b0a106e69e8457c6cf92b1d37 pkg:maven/org.apache.hbase/hbase-http@2.0.0-alpha4 hbase-mapreduce-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-mapreduce/2.0.0-alpha4/hbase-mapreduce-2.0.0-alpha4.jar MD5: 0448787c407966188b3a17b741067360 SHA1: 2bb165dbabb3113277921d2b70b5dc1dbc436140 SHA256: 924651216aadb121d0f66f1478d85010ae83406ced6fad881df391de4462194b pkg:maven/org.apache.hbase/hbase-mapreduce@2.0.0-alpha4 hbase-prefix-tree-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-prefix-tree/2.0.0-alpha4/hbase-prefix-tree-2.0.0-alpha4.jar MD5: 6df50fdaf975c3d25fe78de6369bfc05 SHA1: f14b84a725a34112df3946c4dd0d37d708253334 SHA256: 52f7268152e685433fa4e0ead2b42cea5cbc268ff8291829d1d11ba8fb0b8275 pkg:maven/org.apache.hbase/hbase-prefix-tree@2.0.0-alpha4 hbase-procedure-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-procedure/2.0.0-alpha4/hbase-procedure-2.0.0-alpha4.jar MD5: d3cb7493355eb4a3409b5556fa98d6ef SHA1: 396bb4253817aee3f8985d2bf88819338b7d9447 SHA256: feb2d673aeeaf1b37ea63c6d30382a5735278c81d92695d2b6cf9dd83aeef8cd pkg:maven/org.apache.hbase/hbase-procedure@2.0.0-alpha4 hbase-protocol-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-protocol/2.0.0-alpha4/hbase-protocol-2.0.0-alpha4.jar MD5: dcb5985830b66e61ccc4e9fe95edf111 SHA1: 13040379b16ac38b3107e9d5382fa894bc33db20 SHA256: 24ad9caf5c1e840870aa7e318e3c72b083b28b982fc6e7b036fbfe29239803de pkg:maven/org.apache.hbase/hbase-protocol@2.0.0-alpha4 hbase-protocol-shaded-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-protocol-shaded/2.0.0-alpha4/hbase-protocol-shaded-2.0.0-alpha4.jar MD5: bd522adc193693a5fe3c8dbd81fc926a SHA1: 802c906c7673cbc5cc2f9e42e0a80c6372f1fabc SHA256: 3c443725868a0859327116359de64ff9e3f42c6f43b118a18c05741538962e84 pkg:maven/org.apache.hbase/hbase-protocol-shaded@2.0.0-alpha4 hbase-replication-2.0.0-alpha4.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-replication/2.0.0-alpha4/hbase-replication-2.0.0-alpha4.jar MD5: 51b5f5ab612245d5dcf0e21328f1557e SHA1: 9fc1ccc9c4bdba52e1303c379d1f1fd6a50a2709 SHA256: 70bbb10bd9a36cee68add90103d6083e67ae8aace1eaca383ef3c1b551d46909 pkg:maven/org.apache.hbase/hbase-replication@2.0.0-alpha4 CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-0212 suppress
In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-server-2.0.0-alpha4.jar: bootstrap.jsFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-server/2.0.0-alpha4/hbase-server-2.0.0-alpha4.jar/hbase-webapps/static/js/bootstrap.jsMD5: cd4d2bd0232733e89138fa7be0c67e42SHA1: 354ddf9b46127deb48c260c88c3e0189e2e49585SHA256: 912e9182833035948fe293a9d4e1ddc1382304916fae943d535e2685c8a9e850Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
Related Dependencies hive-service-3.1.3.jar: bootstrap.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/bootstrap.js MD5: cd4d2bd0232733e89138fa7be0c67e42 SHA1: 354ddf9b46127deb48c260c88c3e0189e2e49585 SHA256: 912e9182833035948fe293a9d4e1ddc1382304916fae943d535e2685c8a9e850 hbase-server-2.0.0-alpha4.jar: bootstrap.min.jsFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-server/2.0.0-alpha4/hbase-server-2.0.0-alpha4.jar/hbase-webapps/static/js/bootstrap.min.jsMD5: 9e25e8e29ef0ea358e9778082ffd97d8SHA1: 75a42212affc118fef849aba4b9326a7da2acda1SHA256: 54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
Related Dependencies hive-service-3.1.3.jar: bootstrap.min.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/bootstrap.min.js MD5: 9e25e8e29ef0ea358e9778082ffd97d8 SHA1: 75a42212affc118fef849aba4b9326a7da2acda1 SHA256: 54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7 hbase-server-2.0.0-alpha4.jar: jquery.min.jsFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-server/2.0.0-alpha4/hbase-server-2.0.0-alpha4.jar/hbase-webapps/static/js/jquery.min.jsMD5: c9f5aeeca3ad37bf2aa006139b935f0aSHA1: 1055018c28ab41087ef9ccefe411606893dabea2SHA256: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82deReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.2.1 High
CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 hbase-server-2.0.0-alpha4.jar: tab.jsFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-server/2.0.0-alpha4/hbase-server-2.0.0-alpha4.jar/hbase-webapps/static/js/tab.jsMD5: 021dd994239798184daf0ec3604e5109SHA1: 15983923aa7bed93d05545141878a33ea7b1f52cSHA256: 9116a482ec22f6d2aa45854c898dcdea5a8b0ecc41afbf756f28c6fac9963575Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hbase-shaded-client-1.7.1.jar (shaded: com.google.code.gson:gson:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.google.code.gson/gson/pom.xmlMD5: 513c30c3b385f63f2c4575d9e29dc071SHA1: 2c18fa1082aa1c422aece88244c084be50c76500SHA256: b8308557a7fccc92d9fe7c8cd0599258b361285d2ecde7689eda98843255a092Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.8.5 Highest
CVE-2022-25647 suppress
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: com.google.guava:guava:12.0.1)Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.google.guava/guava/pom.xmlMD5: 0e4ced2c89e7dc46acc2f0d0849fcea1SHA1: dc5edf4a695b89e85c278ee5a7b4a689ff823b43SHA256: 6c3379ef723321e757ea4bcf0fb3985cc39f24d20fca555841fd5f8809e21c49Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version pom version 12.0.1 Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: com.google.protobuf:protobuf-java:2.5.0)Description:
Protocol Buffers are a way of encoding structured data in an efficient yet
extensible format.
License:
New BSD license: http://www.opensource.org/licenses/bsd-license.php File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml
MD5: 8f761580cb2cdc4f13e82c1368f99e5e
SHA1: d0b411e81d63761989f1329e8650ef27f6f77d25
SHA256: 9d837a52af87aa417ca14aeec39d0eae34f3fe58aae5e36397e6f0e12d5d4f47
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffer Java API High Vendor pom parent-artifactid google Low Vendor pom parent-groupid com.google Medium Vendor pom url http://code.google.com/p/protobuf Highest Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffer Java API High Product pom parent-artifactid google Medium Product pom parent-groupid com.google Medium Product pom url http://code.google.com/p/protobuf Medium Version pom parent-version 2.5.0 Low Version pom version 2.5.0 Highest
CVE-2022-3171 suppress
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-3509 (OSSINDEX) suppress
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.google.protobuf:protobuf-java:2.5.0:*:*:*:*:*:*:* CVE-2021-22569 suppress
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: com.jcraft:jsch:0.1.54)Description:
JSch is a pure Java implementation of SSH2 License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.jcraft/jsch/pom.xml
MD5: f091d901b6894623e47920a163ead7b7
SHA1: 8e82e6a2cb5664170faa2a5abdc297e589a37df1
SHA256: ab8f512039be7f6ae20e18e743b4a9d8a20958494431917da58ae5aaef8a3478
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jsch Low Vendor pom developer email ymnk at jcraft D0t com Low Vendor pom developer id ymnk Medium Vendor pom developer name Atsuhiko Yamanaka Medium Vendor pom developer org JCraft,Inc. Medium Vendor pom developer org URL http://www.jcraft.com/ Medium Vendor pom groupid com.jcraft Highest Vendor pom name JSch High Vendor pom organization name JCraft,Inc. High Vendor pom organization url http://www.jcraft.com/ Medium Vendor pom url http://www.jcraft.com/jsch/ Highest Product pom artifactid jsch Highest Product pom developer email ymnk at jcraft D0t com Low Product pom developer id ymnk Low Product pom developer name Atsuhiko Yamanaka Low Product pom developer org JCraft,Inc. Low Product pom developer org URL http://www.jcraft.com/ Low Product pom groupid com.jcraft Highest Product pom name JSch High Product pom organization name JCraft,Inc. Low Product pom organization url http://www.jcraft.com/ Low Product pom url http://www.jcraft.com/jsch/ Medium Version pom version 0.1.54 Highest
hbase-shaded-client-1.7.1.jar (shaded: com.thoughtworks.paranamer:paranamer:2.3)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.thoughtworks.paranamer/paranamer/pom.xmlMD5: 4468c1c7783db291b4c518e33a87fe76SHA1: 2d5b644579cd14d1b1b7ef7e21cb8a637e04913eSHA256: 1bd0fb4210d4f17d87c9a83a9d5d1de4c089183b4a773d766d7039130fc3514bReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid paranamer Low Vendor pom groupid com.thoughtworks.paranamer Highest Vendor pom name ParaNamer Core High Vendor pom parent-artifactid paranamer-parent Low Product pom artifactid paranamer Highest Product pom groupid com.thoughtworks.paranamer Highest Product pom name ParaNamer Core High Product pom parent-artifactid paranamer-parent Medium Version pom version 2.3 Highest
hbase-shaded-client-1.7.1.jar (shaded: com.yammer.metrics:metrics-core:2.2.0)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/com.yammer.metrics/metrics-core/pom.xmlMD5: 5a780b66e4af803ffedea21b73974c97SHA1: 295b78d3b8539bc17f6474090450f9982e31c188SHA256: b943d4e685121719606ee8006be23ad7087688e0611b0ca971e00b0382bb7077Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid metrics-core Low Vendor pom groupid com.yammer.metrics Highest Vendor pom name Metrics Core Library High Vendor pom parent-artifactid metrics-parent Low Product pom artifactid metrics-core Highest Product pom groupid com.yammer.metrics Highest Product pom name Metrics Core Library High Product pom parent-artifactid metrics-parent Medium Version pom version 2.2.0 Highest
hbase-shaded-client-1.7.1.jar (shaded: commons-codec:commons-codec:1.9)Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/commons-codec/commons-codec/pom.xmlMD5: 921b8b50ce6dc0c5a8605d7c7011bd37SHA1: f5357ff0f308600af3660bf00a8be3415a335723SHA256: e5efcf039cd909688c201dc5479b144fd6f01f0e40252b7fc5e7d2e1b5c07990Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-codec/ Medium Version pom parent-version 1.9 Low Version pom version 1.9 Highest
hbase-shaded-client-1.7.1.jar (shaded: commons-collections:commons-collections:3.2.2)Description:
Types that extend and augment the Java Collections Framework. File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/commons-collections/commons-collections/pom.xmlMD5: 2c7f0a369c727689a2409d03237f2d1aSHA1: 02a5ba7cb070a882d2b7bd4bf5223e8e445c0268SHA256: d5d81fcc288c0d8c711c302007cada4aa9a226ed1a112d4baa64cb1d6322170bReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version pom parent-version 3.2.2 Low Version pom version 3.2.2 Highest
hbase-shaded-client-1.7.1.jar (shaded: commons-io:commons-io:2.4)Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/commons-io/commons-io/pom.xmlMD5: a75b48557fe5da29195020755a5b1be7SHA1: 9ece23effe8bce3904f3797a76b1ba6ab681e1b9SHA256: b2b5dd46cf998fa626eb6f8a1c114f6167c8d392694164e62533e5898e9b31f2Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-io Highest Vendor pom name Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/io/ Highest Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-io Highest Product pom name Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/io/ Medium Version pom parent-version 2.4 Low Version pom version 2.4 Highest
CVE-2021-29425 suppress
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: io.netty:netty-all:4.1.8.Final)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/io.netty/netty-all/pom.xmlMD5: 83e0ce23bfcebdd7d2f10fa17ffe51c2SHA1: 96d427d9a32955d0126832b860562a13c7cfbe4cSHA256: 663baa4fab6c96a559078c4b9a48fd60d9c9a902b514c61d4879488a2700a4fbReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid netty-all Low Vendor pom groupid io.netty Highest Vendor pom name Netty/All-in-One High Vendor pom parent-artifactid netty-parent Low Product pom artifactid netty-all Highest Product pom groupid io.netty Highest Product pom name Netty/All-in-One High Product pom parent-artifactid netty-parent Medium Version pom version 4.1.8.Final Highest
CVE-2019-20444 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-20445 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16869 suppress
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-9518 (OSSINDEX) suppress
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-all:4.1.8.Final:*:*:*:*:*:*:* CVE-2020-11612 suppress
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-7238 (OSSINDEX) suppress
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-all:4.1.8.Final:*:*:*:*:*:*:* CVE-2021-37136 suppress
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-37137 suppress
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2021-43797 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-34462 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-21295 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: LOW (2.6) Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21409 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21290 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.apache.avro:avro:1.7.7)Description:
Avro core components File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.avro/avro/pom.xmlMD5: 7c004a4bda0f0c7a14d273e3f2c7e0a3SHA1: f4079d2b0a549d1e46f6eee0a8dc5a4cbf2d7c11SHA256: cb752a8b0463e7a5c4e4aba88f0d24e8c9a389309484cf36443884bb6fe6de91Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid avro Low Vendor pom groupid org.apache.avro Highest Vendor pom name Apache Avro High Vendor pom parent-artifactid avro-parent Low Vendor pom url http://avro.apache.org Highest Product pom artifactid avro Highest Product pom groupid org.apache.avro Highest Product pom name Apache Avro High Product pom parent-artifactid avro-parent Medium Product pom url http://avro.apache.org Medium Version pom version 1.7.7 Highest
CVE-2023-39410 (OSSINDEX) suppress
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.avro:avro:1.7.7:*:*:*:*:*:*:* hbase-shaded-client-1.7.1.jar (shaded: org.apache.commons:commons-compress:1.4.1)Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.commons/commons-compress/pom.xmlMD5: e8496e82a63646dc67f25d233502b6fdSHA1: bf8a105706b3e1e6c32bebaaa40874af967cf69dSHA256: 69c804a54e4d4e546ce1641101026e2851bbf604a0abf490b040546290d91d01Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-compress Low Vendor pom developer email bodewig at apache.org Low Vendor pom developer email grobmeier at apache.org Low Vendor pom developer email sebb at apache.org Low Vendor pom developer email tcurdt at apache.org Low Vendor pom developer id bodewig Medium Vendor pom developer id grobmeier Medium Vendor pom developer id sebb Medium Vendor pom developer id tcurdt Medium Vendor pom developer name Christian Grobmeier Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Stefan Bodewig Medium Vendor pom developer name Torsten Curdt Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Commons Compress High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/compress/ Highest Product pom artifactid commons-compress Highest Product pom developer email bodewig at apache.org Low Product pom developer email grobmeier at apache.org Low Product pom developer email sebb at apache.org Low Product pom developer email tcurdt at apache.org Low Product pom developer id bodewig Low Product pom developer id grobmeier Low Product pom developer id sebb Low Product pom developer id tcurdt Low Product pom developer name Christian Grobmeier Low Product pom developer name Sebastian Bazley Low Product pom developer name Stefan Bodewig Low Product pom developer name Torsten Curdt Low Product pom groupid org.apache.commons Highest Product pom name Commons Compress High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/compress/ Medium Version pom parent-version 1.4.1 Low Version pom version 1.4.1 Highest
CVE-2021-35517 suppress
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. CWE-130 Improper Handling of Length Parameter Inconsistency, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-36090 suppress
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11771 (OSSINDEX) suppress
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2018-11771 for details CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.commons:commons-compress:1.4.1:*:*:*:*:*:*:* CVE-2024-25710 suppress
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
hbase-shaded-client-1.7.1.jar (shaded: org.apache.commons:commons-math3:3.1.1)Description:
The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.commons/commons-math3/pom.xmlMD5: 8ef1664338629b6e756fd291816eb2a0SHA1: 857e1177647f63abbdbb7ba63187b54db04a2dc2SHA256: 7938d22121c4e258c94ce2d16c1b683a2a4f8eb8b12ce09ca8409e179ed0117dReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-math3 Low Vendor pom developer email achou at apache dot org Low Vendor pom developer email billbarker at apache dot org Low Vendor pom developer email brentworden at apache dot org Low Vendor pom developer email celestin at apache dot org Low Vendor pom developer email dimpbx at apache dot org Low Vendor pom developer email erans at apache dot org Low Vendor pom developer email gregs at apache dot org Low Vendor pom developer email j3322ptm at yahoo dot de Low Vendor pom developer email luc at apache dot org Low Vendor pom developer email mdiggory at apache dot org Low Vendor pom developer email mikl at apache dot org Low Vendor pom developer email psteitz at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email tn at apache dot org Low Vendor pom developer email tobrien at apache dot org Low Vendor pom developer id achou Medium Vendor pom developer id billbarker Medium Vendor pom developer id brentworden Medium Vendor pom developer id celestin Medium Vendor pom developer id dimpbx Medium Vendor pom developer id erans Medium Vendor pom developer id gregs Medium Vendor pom developer id luc Medium Vendor pom developer id mdiggory Medium Vendor pom developer id mikl Medium Vendor pom developer id pietsch Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Albert Davidson Chou Medium Vendor pom developer name Bill Barker Medium Vendor pom developer name Brent Worden Medium Vendor pom developer name Dimitri Pourbaix Medium Vendor pom developer name Gilles Sadowski Medium Vendor pom developer name Greg Sterijevski Medium Vendor pom developer name J. Pietschmann Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Mark Diggory Medium Vendor pom developer name Mikkel Meyer Andersen Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sébastien Brisard Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim O'Brien Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Commons Math High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/math/ Highest Product pom artifactid commons-math3 Highest Product pom developer email achou at apache dot org Low Product pom developer email billbarker at apache dot org Low Product pom developer email brentworden at apache dot org Low Product pom developer email celestin at apache dot org Low Product pom developer email dimpbx at apache dot org Low Product pom developer email erans at apache dot org Low Product pom developer email gregs at apache dot org Low Product pom developer email j3322ptm at yahoo dot de Low Product pom developer email luc at apache dot org Low Product pom developer email mdiggory at apache dot org Low Product pom developer email mikl at apache dot org Low Product pom developer email psteitz at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email tn at apache dot org Low Product pom developer email tobrien at apache dot org Low Product pom developer id achou Low Product pom developer id billbarker Low Product pom developer id brentworden Low Product pom developer id celestin Low Product pom developer id dimpbx Low Product pom developer id erans Low Product pom developer id gregs Low Product pom developer id luc Low Product pom developer id mdiggory Low Product pom developer id mikl Low Product pom developer id pietsch Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Albert Davidson Chou Low Product pom developer name Bill Barker Low Product pom developer name Brent Worden Low Product pom developer name Dimitri Pourbaix Low Product pom developer name Gilles Sadowski Low Product pom developer name Greg Sterijevski Low Product pom developer name J. Pietschmann Low Product pom developer name Luc Maisonobe Low Product pom developer name Mark Diggory Low Product pom developer name Mikkel Meyer Andersen Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sébastien Brisard Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim O'Brien Low Product pom groupid org.apache.commons Highest Product pom name Commons Math High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/math/ Medium Version pom parent-version 3.1.1 Low Version pom version 3.1.1 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.apache.curator:curator-client:2.7.1)Description:
Low-level API File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.curator/curator-client/pom.xmlMD5: 5404bd253e1b8f52e08c61739ea7769eSHA1: 0190e51a0d8b4fc1caac1f606b85470891062346SHA256: 67c3287004ce3af8504b69105bd5aae79dab724998bb1a316e65d681caca22e4Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid curator-client Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Client High Vendor pom parent-artifactid apache-curator Low Product pom artifactid curator-client Highest Product pom groupid org.apache.curator Highest Product pom name Curator Client High Product pom parent-artifactid apache-curator Medium Version pom version 2.7.1 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.apache.curator:curator-framework:2.7.1)Description:
High-level API that greatly simplifies using ZooKeeper. File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.curator/curator-framework/pom.xmlMD5: 3ee0a5b836e170bf3ca0288cd53f49c2SHA1: 116b0ef399b775b838aff843d3d10a57df266630SHA256: 7f6a9cf175579b7b621f55482fbea2e3092e44a9cd1a4c6cfca941a0285cc785Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid curator-framework Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Framework High Vendor pom parent-artifactid apache-curator Low Product pom artifactid curator-framework Highest Product pom groupid org.apache.curator Highest Product pom name Curator Framework High Product pom parent-artifactid apache-curator Medium Version pom version 2.7.1 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.apache.curator:curator-recipes:2.7.1)Description:
All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.curator/curator-recipes/pom.xmlMD5: 2d3934efa676266416ce274d545675afSHA1: b9143d9708038a4fca1e309ff36c6fd65a080078SHA256: e082b804cc002d3fc2ce736cec11d99991d8e836496c793cfd7f18a06dcb86b5Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid curator-recipes Low Vendor pom groupid org.apache.curator Highest Vendor pom name Curator Recipes High Vendor pom parent-artifactid apache-curator Low Product pom artifactid curator-recipes Highest Product pom groupid org.apache.curator Highest Product pom name Curator Recipes High Product pom parent-artifactid apache-curator Medium Version pom version 2.7.1 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-common:2.8.5)Description:
Apache Hadoop Common File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-common/pom.xmlMD5: d86c2f02f9f4a13291236444f572fe2eSHA1: 8f60ada3304aa9e9e9472ffeda5daf618bc2dcacSHA256: 6ed7833e13356cb014198cb462184800b52d3e4674bd743f88526af230a5ce6dReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid hadoop-common Low Vendor pom groupid org.apache.hadoop Highest Vendor pom name Apache Hadoop Common High Vendor pom parent-artifactid hadoop-project-dist Low Product pom artifactid hadoop-common Highest Product pom groupid org.apache.hadoop Highest Product pom name Apache Hadoop Common High Product pom parent-artifactid hadoop-project-dist Medium Version pom version 2.8.5 Highest
CVE-2022-25168 suppress
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-26612 suppress
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-8009 (OSSINDEX) suppress
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv3:
Base Score: HIGH (8.800000190734863) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.hadoop:hadoop-common:2.8.5:*:*:*:*:*:*:* CVE-2020-9492 suppress
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-33036 suppress
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. CWE-24 Path Traversal: '../filedir', CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11765 suppress
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-mapreduce-client-core:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-mapreduce-client-core/pom.xmlMD5: 0f186cbba344e71ddb34ec2c76f2c1fdSHA1: dd3c30c61f7296241f1b1f432ceb33f911c7845cSHA256: 731ff4cc3846dcaa26f319fb9285043881320c080c1213cee907f622aedb778aReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid hadoop-mapreduce-client-core Low Vendor pom groupid org.apache.hadoop Highest Vendor pom name Apache Hadoop MapReduce Core High Vendor pom parent-artifactid hadoop-mapreduce-client Low Product pom artifactid hadoop-mapreduce-client-core Highest Product pom groupid org.apache.hadoop Highest Product pom name Apache Hadoop MapReduce Core High Product pom parent-artifactid hadoop-mapreduce-client Medium Version pom version 2.8.5 Highest
Related Dependencies hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-annotations:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-annotations/pom.xml MD5: d758723ac4b2f8b2fea5703ed4b8dc6b SHA1: a785ee7bc9d9c6aa2ae3f3241fffcc47f1f33594 SHA256: 0537ddd4218ac3df37531f152ca22718cbb00a9a243b766fb8fcb57c78419301 pkg:maven/org.apache.hadoop/hadoop-annotations@2.8.5 hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-auth:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml MD5: aeb329e5d935d3d04e3b004d6bc104bd SHA1: 21c146d52990de8de6eb54904445203ce5a29e97 SHA256: f17e6d23ae48d4f3ab839021c0a09c83f0760def3a3f2dd0edef1ae4afa2ae1c pkg:maven/org.apache.hadoop/hadoop-auth@2.8.5 hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-yarn-api:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-yarn-api/pom.xml MD5: 26a942d0aa735251bac8cf9f4786b463 SHA1: ca28a00f8d654a1285f0869bd98f9bd59498ce06 SHA256: 243f6cd347933807f1498c90af66bcc633ace6bbeea3497b36209180011fa058 pkg:maven/org.apache.hadoop/hadoop-yarn-api@2.8.5 hbase-shaded-client-1.7.1.jar (shaded: org.apache.hadoop:hadoop-yarn-common:2.8.5)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hadoop/hadoop-yarn-common/pom.xml MD5: d756beff823260e669a9738a2292bf3d SHA1: 2a86443d431f6a04a70043bedffd64b96ff63652 SHA256: e9f97f72d02d397e1e840a8e72386e1f1b58a98d1701ad76fd01d28b75abccd9 pkg:maven/org.apache.hadoop/hadoop-yarn-common@2.8.5 CVE-2022-25168 suppress
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-26612 suppress
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9492 suppress
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-33036 suppress
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. CWE-24 Path Traversal: '../filedir', CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-264 Permissions, Privileges, and Access Controls
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11765 suppress
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. CWE-287 Improper Authentication
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.apache.hbase.thirdparty:hbase-shaded-gson:3.0.0)Description:
Pulls down GSON, relocates it and makes a far jar.
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hbase.thirdparty/hbase-shaded-gson/pom.xmlMD5: da0e5b39f7e43acea9da25b2e86bb8f7SHA1: 0d49a0de017cf7f54caa13a757b896bc5f97dcfaSHA256: 65a4c717bb1b2d342e418ae46f0c0de769ec2647189fa140c8721a2b023815f1Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid hbase-shaded-gson Low Vendor pom groupid org.apache.hbase.thirdparty Highest Vendor pom name Apache HBase Relocated (Shaded) GSON Libs High Vendor pom parent-artifactid hbase-thirdparty Low Product pom artifactid hbase-shaded-gson Highest Product pom groupid org.apache.hbase.thirdparty Highest Product pom name Apache HBase Relocated (Shaded) GSON Libs High Product pom parent-artifactid hbase-thirdparty Medium Version pom version 3.0.0 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.apache.hbase:hbase-client:1.7.1)Description:
Client of HBase File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hbase/hbase-client/pom.xmlMD5: 7dd5b6f27b799dc5bdd2ec9bc5ebe582SHA1: 4beee376776f1fc6cb1e3915cfb60f01d9caf395SHA256: 6c2bf8ed9513537ba5c550f887682efc32ccbd3c54c458c321628eb457c67d34Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid hbase-client Low Vendor pom groupid org.apache.hbase Highest Vendor pom name Apache HBase - Client High Vendor pom parent-artifactid hbase Low Product pom artifactid hbase-client Highest Product pom groupid org.apache.hbase Highest Product pom name Apache HBase - Client High Product pom parent-artifactid hbase Medium Version pom version 1.7.1 Highest
Related Dependencies hbase-shaded-client-1.7.1.jar (shaded: org.apache.hbase:hbase-annotations:1.7.1)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hbase/hbase-annotations/pom.xml MD5: 369df996484bb5f19eef157a91f1a648 SHA1: 62b4b2d6284293ffee91b15156e2c0d7aa2705ee SHA256: 4a6fd2addece4ada2cfb41bd47e995fc1bc5a82e45dc3294a52548c2e784d4b4 pkg:maven/org.apache.hbase/hbase-annotations@1.7.1 hbase-shaded-client-1.7.1.jar (shaded: org.apache.hbase:hbase-common:1.7.1)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hbase/hbase-common/pom.xml MD5: 431e119de00a23b7f1fb5282d4527c87 SHA1: 6de4882f762d44c010fff9eef40a6e7340f362ef SHA256: 26447d34d0d1775964c949e61d7b615b0e8d4081363fc646c0ac9e155408f547 pkg:maven/org.apache.hbase/hbase-common@1.7.1 hbase-shaded-client-1.7.1.jar (shaded: org.apache.hbase:hbase-protocol:1.7.1)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.hbase/hbase-protocol/pom.xml MD5: 6add54c1e1e995a9e0e2f43af1d67d2b SHA1: fe24cfb08721ad7302d58926fdbde31238b6985f SHA256: b0370e1f5accf1aebb69ce2d735f8be312e29fc711da0dac7adcfcac85b9ff62 pkg:maven/org.apache.hbase/hbase-protocol@1.7.1 CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.apache.httpcomponents:httpclient:4.5.2)Description:
Apache HttpComponents Client
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xmlMD5: 71fd2a5a505554f3646f973a80c10b63SHA1: 56f6338b324e438307e1f2c2b33bd02268310fc2SHA256: 488001ba21829a4b28b0efbed18dccb13689f58f0985453863257049f7ec19f0Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version pom version 4.5.2 Highest
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.apache.httpcomponents:httpcore:4.4.4)Description:
Apache HttpComponents Core (blocking I/O)
File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.apache.httpcomponents/httpcore/pom.xmlMD5: 1156470635cfbe8d66112ceb0dfc1842SHA1: 2feaed055f70af1aafd223137e4bd456decc5995SHA256: 3ef432497e39958060d418111630f9a553599d82c3143eb18fae564a4cb28a2bReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version pom version 4.4.4 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.jruby.jcodings:jcodings:1.0.8)Description:
Byte based encoding support library for java
License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.jruby.jcodings/jcodings/pom.xml
MD5: 70e99c0caaf02b27246e776d625e4f47
SHA1: 98c5751db122570905d2770f218ccb4f1d0f67a2
SHA256: 3a75895e8f4795a9054171a0eabcbae40e638d69c975a689a804e26ad56d5c35
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jcodings Low Vendor pom developer email lopx@gazeta.pl Low Vendor pom developer id lopex Medium Vendor pom developer name Marcin Mielzynski Medium Vendor pom groupid org.jruby.jcodings Highest Vendor pom name JCodings High Product pom artifactid jcodings Highest Product pom developer email lopx@gazeta.pl Low Product pom developer id lopex Low Product pom developer name Marcin Mielzynski Low Product pom groupid org.jruby.jcodings Highest Product pom name JCodings High Version pom version 1.0.8 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.jruby.joni:joni:2.1.2)Description:
Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma
that uses byte arrays directly instead of java Strings and chars
License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.jruby.joni/joni/pom.xml
MD5: 524b3379a987ebfed574e2f2ff2fdb81
SHA1: 9b636addb97237af9ecfe64cc5699d5362989f7c
SHA256: 2c396d6cca4907d14f8c141001e1c376963359fb5a80344739e97e505d0134b2
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid joni Low Vendor pom developer email lopx@gazeta.pl Low Vendor pom developer id lopex Medium Vendor pom developer name Marcin Mielzynski Medium Vendor pom groupid org.jruby.joni Highest Vendor pom name Joni High Product pom artifactid joni Highest Product pom developer email lopx@gazeta.pl Low Product pom developer id lopex Low Product pom developer name Marcin Mielzynski Low Product pom groupid org.jruby.joni Highest Product pom name Joni High Version pom version 2.1.2 Highest
hbase-shaded-client-1.7.1.jar (shaded: org.mortbay.jetty:jetty-sslengine:6.1.26)License:
Apache License Version 2: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.mortbay.jetty/jetty-sslengine/pom.xml
MD5: e9c7d039b3595bab0c629ed41df4b0da
SHA1: c4aa120a0801827e987a3787b39befb862ce3ecb
SHA256: 4324c50228ed113753c296dd461b1df75da8ca3955935c2bb069eadcbe212b47
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jetty-sslengine Low Vendor pom groupid org.mortbay.jetty Highest Vendor pom name Jetty SSLEngine High Vendor pom parent-artifactid project Low Vendor pom url http://jetty.mortbay.org Highest Product pom artifactid jetty-sslengine Highest Product pom groupid org.mortbay.jetty Highest Product pom name Jetty SSLEngine High Product pom parent-artifactid project Medium Product pom url http://jetty.mortbay.org Medium Version pom version 6.1.26 Highest
Related Dependencies hbase-shaded-client-1.7.1.jar (shaded: org.mortbay.jetty:jetty-util:6.1.26)File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.mortbay.jetty/jetty-util/pom.xml MD5: 45e16592e1ce454415474270e5efed9b SHA1: 392748d8f7f97d4b37576ac710fceffa58ba294e SHA256: 1e3c13f07407a4b331e229da6bb782ae734f88b6a26a3fbeb165acabc5f6ef24 pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 CVE-2011-4461 suppress
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2009-1523 suppress
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar (shaded: org.xerial.snappy:snappy-java:1.0.5)Description:
snappy-java: A fast compression/decompression library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/META-INF/maven/org.xerial.snappy/snappy-java/pom.xml
MD5: eca10cacf5d2a57dff1806c62a339fa7
SHA1: 8368b1d03d95bb2db6cee777ad190c739eb5c03b
SHA256: 654d6d7584bce9a61ba3449e14b436cf21c1f12e102290ebf8f1a8605b06fe0f
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid snappy-java Low Vendor pom developer email leo@xerial.org Low Vendor pom developer id leo Medium Vendor pom developer name Taro L. Saito Medium Vendor pom developer org Xerial Project Medium Vendor pom groupid org.xerial.snappy Highest Vendor pom name Snappy for Java High Vendor pom organization name xerial.org High Vendor pom organization url http://www.xerial.org/ Medium Vendor pom url http://github.com/xerial/snappy-java/ Highest Product pom artifactid snappy-java Highest Product pom developer email leo@xerial.org Low Product pom developer id leo Low Product pom developer name Taro L. Saito Low Product pom developer org Xerial Project Low Product pom groupid org.xerial.snappy Highest Product pom name Snappy for Java High Product pom organization name xerial.org Low Product pom organization url http://www.xerial.org/ Low Product pom url http://github.com/xerial/snappy-java/ Medium Version pom version 1.0.5 Highest
CVE-2023-34453 suppress
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.
The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`.
The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.
Version 1.1.10.1 contains a patch for this vulnerability. CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-34454 suppress
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.
The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.
Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.
Since the maxCompressedLength function treats the length as an unsigned integer, it doesn���t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.
The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won���t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.
Version 1.1.10.1 contains a patch for this issue. CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-34455 suppress
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.
The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn���t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.
In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn���t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.
Version 1.1.10.1 contains a patch for this issue. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-43642 suppress
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
security-advisories@github.com - EXPLOIT security-advisories@github.com - PATCH Vulnerable Software & Versions:
hbase-shaded-client-1.7.1.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jarMD5: ff90ea8d0512f83f1988680d71534e27SHA1: b7847b079d840dc4d8ef5813dff0d45e19889a79SHA256: e35db9bae4ed2b6ce1521383f47cbb97a47951f4ed9f671e8b27e80beb03a38fReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compilehbase-shaded-client-1.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name hbase-shaded-client High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name hbase Highest Vendor jar package name shaded Highest Vendor Manifest build-jdk-spec 1.7 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hbase-shaded-client Highest Vendor pom artifactid hbase-shaded-client Low Vendor pom groupid org.apache.hbase Highest Vendor pom name Apache HBase - Shaded - Client High Vendor pom parent-artifactid hbase-shaded Low Product file name hbase-shaded-client High Product jar package name apache Highest Product jar package name client Highest Product jar package name hbase Highest Product jar package name shaded Highest Product Manifest build-jdk-spec 1.7 Low Product Manifest Implementation-Title Apache HBase - Shaded - Client High Product Manifest specification-title Apache HBase - Shaded - Client Medium Product pom artifactid hbase-shaded-client Highest Product pom groupid org.apache.hbase Highest Product pom name Apache HBase - Shaded - Client High Product pom parent-artifactid hbase-shaded Medium Version file version 1.7.1 High Version Manifest Implementation-Version 1.7.1 High Version pom version 1.7.1 Highest
CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-client-1.7.1.jar: snappyjava.dllFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/org/apache/hadoop/hbase/shaded/org/xerial/snappy/native/Windows/amd64/snappyjava.dllMD5: 446424c45c8fda36ac28ccc35612b880SHA1: 84a3c2f6133f7c1de698d741d822d1dd0d67aa6eSHA256: 1d624238debe6f2bb2b42968bc0a1b36afb5610eecc7db76117063c696d496edReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor file name snappyjava High Product file name snappyjava High
hbase-shaded-client-1.7.1.jar: snappyjava.dllFile Path: /home/runner/.m2/repository/org/apache/hbase/hbase-shaded-client/1.7.1/hbase-shaded-client-1.7.1.jar/org/apache/hadoop/hbase/shaded/org/xerial/snappy/native/Windows/x86/snappyjava.dllMD5: 4c52ddfc006b5225fc7b6af312c0521dSHA1: 60345e7cd71a42f087c145b90498c54d6d4a985dSHA256: 74b715bfeafd050b33202843940a56d22d88b9c047b271f373b863693c53ad7dReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
Evidence Type Source Name Value Confidence Vendor file name snappyjava High Product file name snappyjava High
hbase-shaded-miscellaneous-1.0.1.jar (shaded: com.google.code.gson:gson:2.8.1)File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-miscellaneous/1.0.1/hbase-shaded-miscellaneous-1.0.1.jar/META-INF/maven/com.google.code.gson/gson/pom.xmlMD5: 11320427eabbf0ef7ea53b4358cf5178SHA1: 1ed6338a2e133b0689437077a9102fe31fdef9ecSHA256: c81ee1099878f0d5b842b90890499a9eed6ddbdc4fb3ff57b792dc2e28a76fd5Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.8.1 Highest
CVE-2022-25647 suppress
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-miscellaneous-1.0.1.jar (shaded: com.google.guava:guava:22.0)Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-miscellaneous/1.0.1/hbase-shaded-miscellaneous-1.0.1.jar/META-INF/maven/com.google.guava/guava/pom.xmlMD5: 720ca75e346805cb7c5fb03b5d6a0966SHA1: b87878db57d5cfc2ca7d3972cc8f7486bf02fbcaSHA256: bfadb3b40f65dd6de1666d6b29f8bb54031396c76eeef4146cf9f28255f8bf33Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Version pom version 22.0 Highest
CVE-2023-2976 suppress
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-miscellaneous-1.0.1.jar (shaded: com.google.protobuf:protobuf-java-util:3.3.0)Description:
Utilities for Protocol Buffers File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-miscellaneous/1.0.1/hbase-shaded-miscellaneous-1.0.1.jar/META-INF/maven/com.google.protobuf/protobuf-java-util/pom.xmlMD5: e526c088df7da8aacc0027c0b123c553SHA1: 901692c6e079197dfabbaf1da149a7365b84ee4eSHA256: 5ecd05fd7927022fce646d5bd1f923e0c01a874f7ffe7b734216108c86653a45Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid protobuf-java-util Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Util] High Vendor pom parent-artifactid protobuf-parent Low Product pom artifactid protobuf-java-util Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Util] High Product pom parent-artifactid protobuf-parent Medium Version pom version 3.3.0 Highest
CVE-2022-3171 suppress
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22569 suppress
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-netty-1.0.1.jar (shaded: io.netty:netty-all:4.1.12.Final)File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-netty/1.0.1/hbase-shaded-netty-1.0.1.jar/META-INF/maven/io.netty/netty-all/pom.xmlMD5: df63c9ee89eb8fcbc272e3d6e0ebdd0bSHA1: e058a79064e009e0152f5cc694cc8c09601b0412SHA256: 22b8c1c0e74db303b342938ea47f0fd59e2b29b0ec850651c1595aaf83af9a71Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid netty-all Low Vendor pom groupid io.netty Highest Vendor pom name Netty/All-in-One High Vendor pom parent-artifactid netty-parent Low Product pom artifactid netty-all Highest Product pom groupid io.netty Highest Product pom name Netty/All-in-One High Product pom parent-artifactid netty-parent Medium Version pom version 4.1.12.Final Highest
CVE-2019-20444 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-20445 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16869 suppress
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-9518 (OSSINDEX) suppress
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-all:4.1.12.Final:*:*:*:*:*:*:* CVE-2020-11612 suppress
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-7238 (OSSINDEX) suppress
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-all:4.1.12.Final:*:*:*:*:*:*:* CVE-2021-37136 suppress
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-37137 suppress
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2021-43797 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-34462 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-21295 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: LOW (2.6) Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21409 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21290 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-netty-1.0.1.jarDescription:
Pulls down netty.io, relocates nd then makes a fat new jar with them all in it.
File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-netty/1.0.1/hbase-shaded-netty-1.0.1.jarMD5: 7bf6194a09c3eb0b5f9658a4b52b78a5SHA1: 59bb59836c904c932b0929e2d9df0fdcf37a6444SHA256: 5136f783b6b23f57c0544b51c5609d38f234103851b39948602f0846cdb3505bReferenced In Project/Scope: shardingsphere-infra-database-hive:providedhbase-shaded-netty-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hbase-shaded-netty High Vendor jar package name apache Highest Vendor jar package name apache Low Vendor jar package name hadoop Low Vendor jar package name hbase Highest Vendor jar package name hbase Low Vendor jar package name shaded Highest Vendor pom artifactid hbase-shaded-netty Highest Vendor pom artifactid hbase-shaded-netty Low Vendor pom groupid org.apache.hbase.thirdparty Highest Vendor pom name Apache HBase Relocated (Shaded) Netty Libs High Vendor pom parent-artifactid hbase-thirdparty Low Product file name hbase-shaded-netty High Product jar package name apache Highest Product jar package name hadoop Low Product jar package name hbase Highest Product jar package name hbase Low Product jar package name shaded Highest Product jar package name shaded Low Product pom artifactid hbase-shaded-netty Highest Product pom groupid org.apache.hbase.thirdparty Highest Product pom name Apache HBase Relocated (Shaded) Netty Libs High Product pom parent-artifactid hbase-thirdparty Medium Version file version 1.0.1 High Version pom version 1.0.1 Highest
Related Dependencies hbase-shaded-miscellaneous-1.0.1.jarFile Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-miscellaneous/1.0.1/hbase-shaded-miscellaneous-1.0.1.jar MD5: 6ce0b70bf79b6ecc5a80c5a389d02a3b SHA1: e919cbc1a88268cd0513c43cd077d018568e7138 SHA256: 450a0acc82860f4083ecd3423a86a02f954df895c81a214bf514b0e589eb5d91 pkg:maven/org.apache.hbase.thirdparty/hbase-shaded-miscellaneous@1.0.1 CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-protobuf-1.0.1.jar (shaded: com.google.protobuf:protobuf-java:3.3.1)Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-protobuf/1.0.1/hbase-shaded-protobuf-1.0.1.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xmlMD5: 0c50fbb29be4135de9c2c10f5a347ec8SHA1: efbca47990d8ca77df886506db2a7744313d246cSHA256: df048f7ab30d8d333ac2d9e34e4fd04decc800cecf491c48eb5b18bf54d4f992Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version pom version 3.3.1 Highest
CVE-2022-3171 suppress
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-3509 (OSSINDEX) suppress
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.google.protobuf:protobuf-java:3.3.1:*:*:*:*:*:*:* CVE-2021-22569 suppress
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. NVD-CWE-noinfo, CWE-696 Incorrect Behavior Order
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hbase-shaded-protobuf-1.0.1.jarDescription:
Pulls down protobuf, patches it, compiles, and then relocates/shades.
File Path: /home/runner/.m2/repository/org/apache/hbase/thirdparty/hbase-shaded-protobuf/1.0.1/hbase-shaded-protobuf-1.0.1.jarMD5: 95d339c836103438de92ea1a55ba4f5fSHA1: 0c72a8b47f746aa65e9404b4441d64533b4a14faSHA256: f4d1bb3e24a228443816f960772e6234379f5acd63ec0ad36aee15134703f0b6Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhbase-shaded-protobuf-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hbase-shaded-protobuf High Vendor jar package name apache Highest Vendor jar package name hbase Highest Vendor jar package name shaded Highest Vendor Manifest implementation-url http://hbase.apache.org/hbase-shaded-protobuf Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hbase.thirdparty Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hbase-shaded-protobuf Highest Vendor pom artifactid hbase-shaded-protobuf Low Vendor pom groupid org.apache.hbase.thirdparty Highest Vendor pom name Apache HBase Patched & Relocated (Shaded) Protobuf High Vendor pom parent-artifactid hbase-thirdparty Low Product file name hbase-shaded-protobuf High Product jar package name apache Highest Product jar package name hbase Highest Product jar package name shaded Highest Product Manifest Implementation-Title Apache HBase Patched & Relocated (Shaded) Protobuf High Product Manifest implementation-url http://hbase.apache.org/hbase-shaded-protobuf Low Product Manifest specification-title Apache HBase Patched & Relocated (Shaded) Protobuf Medium Product pom artifactid hbase-shaded-protobuf Highest Product pom groupid org.apache.hbase.thirdparty Highest Product pom name Apache HBase Patched & Relocated (Shaded) Protobuf High Product pom parent-artifactid hbase-thirdparty Medium Version file version 1.0.1 High Version Manifest Implementation-Version 1.0.1 High Version pom version 1.0.1 Highest
CVE-2018-8025 suppress
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hive-llap-server-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-server/3.1.3/hive-llap-server-3.1.3.jarMD5: 0ceafb03e483cd082318289ad12d6d7fSHA1: 2b5079a8a67b91f35cebb1433b24cdcefa3d9b3bSHA256: c985127a618182acff3187b454d9ad3f1859747018f7adfab8e818f0e86b0656Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhive-llap-server-3.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hive-llap-server High Vendor jar package name apache Highest Vendor jar package name hive Highest Vendor jar package name llap Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hive Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hive-llap-server Highest Vendor pom artifactid hive-llap-server Low Vendor pom groupid org.apache.hive Highest Vendor pom name Hive Llap Server High Vendor pom parent-artifactid hive Low Product file name hive-llap-server High Product jar package name apache Highest Product jar package name hive Highest Product jar package name llap Highest Product Manifest Implementation-Title Hive Llap Server High Product Manifest specification-title Hive Llap Server Medium Product pom artifactid hive-llap-server Highest Product pom groupid org.apache.hive Highest Product pom name Hive Llap Server High Product pom parent-artifactid hive Medium Version file version 3.1.3 High Version Manifest Implementation-Version 3.1.3 High Version pom version 3.1.3 Highest
Related Dependencies hive-classification-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-classification/3.1.3/hive-classification-3.1.3.jar MD5: 8b5e61dd314ab2c10f70200e02cdc731 SHA1: 70b332574395cde2c56db431b619be9823407aed SHA256: ef4428cc7085721992e81d73046d2930349ca8606d2071a3598814f415034469 pkg:maven/org.apache.hive/hive-classification@3.1.3 hive-common-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-common/3.1.3/hive-common-3.1.3.jar MD5: de034b2236dd0cebdb3677d5a3bb5a91 SHA1: 45c3bb7696f29655189abb78ec1c97f511643159 SHA256: a39058a6028ad36a74f97639663c94d9d4c52d9d32fab31032270565d01424af pkg:maven/org.apache.hive/hive-common@3.1.3 hive-jdbc-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-jdbc/3.1.3/hive-jdbc-3.1.3.jar MD5: 6308c4dffdea5665865dd6267c113421 SHA1: a5b6b2f2afbb2b9d5b2bca9396d6e16da8c18edb SHA256: f9fa451cf20598013df335e4328b9580fdec0c3fd72d7149dd2ceadb043be7c6 pkg:maven/org.apache.hive/hive-jdbc@3.1.3 hive-llap-client-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-client/3.1.3/hive-llap-client-3.1.3.jar MD5: bd40ca2db9b9734717d903ddb7ec55af SHA1: 05010e4e8fa0119164827a230ed9d851545e825b SHA256: edece89970f8ab288b7dbc5b3898a0555b29a614d2a0f81848d9ad193f773246 pkg:maven/org.apache.hive/hive-llap-client@3.1.3 hive-llap-common-3.1.3-tests.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-common/3.1.3/hive-llap-common-3.1.3-tests.jar MD5: 4c805338493115f1d84304f15e27a2e8 SHA1: bc138f762cd73d525adec0a4e22c192425085cea SHA256: 3b9ff41f54a3ace1a045b8d5861311ad3373dd48f62d230ce96f5d2cc43bae33 pkg:maven/org.apache.hive/hive-llap-common@3.1.3 hive-llap-common-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-common/3.1.3/hive-llap-common-3.1.3.jar MD5: d68d9bfe26e135be51559fd5090f18ff SHA1: cfe156b119658e2cd05eaeae644965f5312ccf5f SHA256: aa349f789a305ccba037e0ff1185c2a89d20a1e95bea69ac7c207920ad21e877 pkg:maven/org.apache.hive/hive-llap-common@3.1.3 hive-llap-tez-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-tez/3.1.3/hive-llap-tez-3.1.3.jar MD5: 888e01fd5beedaeb7015ced6ed78e712 SHA1: c4c14a3ccc032f8cfa60be9d9615d8bd4191bf5b SHA256: 8fe132497dab70c101b02c1be25142800a0fd5ac7b35b26bc149cbbdd2feb645 pkg:maven/org.apache.hive/hive-llap-tez@3.1.3 hive-metastore-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-metastore/3.1.3/hive-metastore-3.1.3.jar MD5: 3de09aa2c33dcb6ea068658defc1af94 SHA1: 99a1348743f3550dd4524408725efab8eb319960 SHA256: 6af6ec693134e7db237ec2cc20a3cbd0e49834021fc989446fd61068d0331bf9 pkg:maven/org.apache.hive/hive-metastore@3.1.3 hive-shims-0.23-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/shims/hive-shims-0.23/3.1.3/hive-shims-0.23-3.1.3.jar MD5: 0fcc1a017f8ccf5fb4eb60407883bc58 SHA1: 28bdcdcceb92a1ac450b8b6a3d3d0627d839054d SHA256: 586595d5fc5be90f0b52645f2d912a0a4cc1f148756dda3c8a2c8f38dce5f487 pkg:maven/org.apache.hive.shims/hive-shims-0.23@3.1.3 hive-shims-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-shims/3.1.3/hive-shims-3.1.3.jar MD5: 6b21da36db390393738bae907e10ba66 SHA1: acc766c65cd4e94a5e1fab6a2f85148dfc8613d8 SHA256: aa845f06da6baa1a928cb3cf82e46979ee15eea8b1dd4acdbdba69bc475b8e50 pkg:maven/org.apache.hive/hive-shims@3.1.3 hive-shims-common-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/shims/hive-shims-common/3.1.3/hive-shims-common-3.1.3.jar MD5: 0a7a5b1f0949123ce786c7f2ff94b5f5 SHA1: 9ea12cb2c426d521b7c4cad5b02ce18e5b614d4e SHA256: 86d60b313a997705e26d75d32af46d50aa92538186167e5732765a2fd7ce4439 pkg:maven/org.apache.hive.shims/hive-shims-common@3.1.3 hive-shims-scheduler-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/shims/hive-shims-scheduler/3.1.3/hive-shims-scheduler-3.1.3.jar MD5: 3fb9227e9f94e0bc558787ec6643f25a SHA1: 8347ef8861b75bbffcaebb706a0ae296daabc20e SHA256: b8329cd11dd28f7cb154a4a9d2ad0de20dc16b7b80e43fa70263bdf2499c4448 pkg:maven/org.apache.hive.shims/hive-shims-scheduler@3.1.3 hive-standalone-metastore-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-standalone-metastore/3.1.3/hive-standalone-metastore-3.1.3.jar MD5: c6a0c4ee84d412faabdb38851412339f SHA1: e844c4278ecba985c08e0dea1181343a07c04c3e SHA256: 779d11d856d9f41b5f78658fdf7ddf1626f03c7ae5d808582484c3744597a1f3 pkg:maven/org.apache.hive/hive-standalone-metastore@3.1.3 hive-upgrade-acid-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-upgrade-acid/3.1.3/hive-upgrade-acid-3.1.3.jar MD5: d56d8946726be74cf46025dff45d8283 SHA1: 1d7200e19d1ffdaf6927ff0be701724c85be07d7 SHA256: 162e452c2fe8c5f7f6a4c68555fc58277dae37916748789f2dbd2e90aa8793a0 pkg:maven/org.apache.hive/hive-upgrade-acid@3.1.3 CVE-2020-13949 suppress
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hive-llap-server-3.1.3.jar: jquery.min.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-server/3.1.3/hive-llap-server-3.1.3.jar/hive-webapps/llap/js/jquery.min.jsMD5: a09e13ee94d51c524b7e2a728c7d4039SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aaeSHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02efReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.3.1 High
Related Dependencies hive-service-3.1.3.jar: jquery.min.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/jquery.min.js MD5: a09e13ee94d51c524b7e2a728c7d4039 SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef pkg:javascript/jquery@3.3.1 CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 hive-llap-server-3.1.3.jar: jquery.sparkline.min.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-server/3.1.3/hive-llap-server-3.1.3.jar/hive-webapps/llap/js/jquery.sparkline.min.jsMD5: 56be28a1645466dc675d2a204fca015cSHA1: 7e3cc75c9facc4ef22dc14002ee79e0976cc0130SHA256: 06e0242da172ab85985db3774c54ac1b53391a5b447857a100c5118b8281a543Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hive-llap-server-3.1.3.jar: metrics.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-llap-server/3.1.3/hive-llap-server-3.1.3.jar/hive-webapps/llap/js/metrics.jsMD5: 60f9b036e026723d0261e0338c55440bSHA1: fb396a6c1fb9f65422d77dd41e9121e6f12a27dbSHA256: b03cca22d71514debc7c986afaf0e09095e12adf6079eba37977b8c61ad850c3Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hive-service-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jarMD5: a4559649096e422a085caf2ede4c64beSHA1: 49fd7ad46801a895d2b185706637a8cb302fc044SHA256: 3db78481491d28a332ef9bcf0951e2ef2d681bbf14c9066424fa5e2ac0a6fa8aReferenced In Project/Scope: shardingsphere-infra-database-hive:providedhive-service-3.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hive-service High Vendor jar package name apache Highest Vendor jar package name hive Highest Vendor jar package name service Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hive Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hive-service Highest Vendor pom artifactid hive-service Low Vendor pom groupid org.apache.hive Highest Vendor pom name Hive Service High Vendor pom parent-artifactid hive Low Product file name hive-service High Product jar package name apache Highest Product jar package name hive Highest Product jar package name service Highest Product Manifest Implementation-Title Hive Service High Product Manifest specification-title Hive Service Medium Product pom artifactid hive-service Highest Product pom groupid org.apache.hive Highest Product pom name Hive Service High Product pom parent-artifactid hive Medium Version file version 3.1.3 High Version Manifest Implementation-Version 3.1.3 High Version pom version 3.1.3 Highest
Related Dependencies hive-service-rpc-3.1.3.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service-rpc/3.1.3/hive-service-rpc-3.1.3.jar MD5: a26beb7032c82e6aac9d081cab06a48f SHA1: 98db04145db86e31aa83f633f8805d528732caa0 SHA256: 47c97540960fa413e97a251656330934d9d4424e15691b80b2dcc524cf8ca4f1 pkg:maven/org.apache.hive/hive-service-rpc@3.1.3 CVE-2020-13949 suppress
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
hive-service-3.1.3.jar: json.human.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/json.human.jsMD5: a74f8de10c478652a15c9087d329b268SHA1: b7de619c46055558f536ee7f0cab943a5dae63bcSHA256: e28a4aa2f65e0a0f8c581f15751ea2e5d9b12f14325d99cc26e016126f4f59f8Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hive-service-3.1.3.jar: llap.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/llap.jsMD5: 2a4635231f7c514abf5a64adeb486680SHA1: d654a7489ce9a5bdbb38364cb46507b30b90eb1dSHA256: bd43fda8cc21d2a1b55de22a63d16a629a3c9efee874192d4a81085fdbd876a3Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hive-service-3.1.3.jar: tab.jsFile Path: /home/runner/.m2/repository/org/apache/hive/hive-service/3.1.3/hive-service-3.1.3.jar/hive-webapps/static/js/tab.jsMD5: cef53fbb05fa8074831fc69c47ab66c2SHA1: 085f9fc811703174bb9c4868d79b7c51c5b5d6a4SHA256: 499221a4bd56812148cb3d51dc9f81552aa4e2a0307fa033eb80af0012c0804dReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence
hive-storage-api-2.7.0.jarFile Path: /home/runner/.m2/repository/org/apache/hive/hive-storage-api/2.7.0/hive-storage-api-2.7.0.jarMD5: 821e536501899ed9c47c38c24bd8e2fbSHA1: b67545f02e4f821fa154f019ace439d98de715d5SHA256: b764dfada0b3320b4899d854e5ba4c82a9dc96bbc73bcb79e7734a25275d27bdReferenced In Project/Scope: shardingsphere-infra-database-hive:providedhive-storage-api-2.7.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hive-storage-api High Vendor jar package name apache Highest Vendor jar package name hive Highest Vendor Manifest implementation-url https://www.apache.org/hive-storage-api/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.hive Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid hive-storage-api Highest Vendor pom artifactid hive-storage-api Low Vendor pom groupid org.apache.hive Highest Vendor pom name Hive Storage API High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Product file name hive-storage-api High Product jar package name apache Highest Product jar package name hive Highest Product Manifest Implementation-Title Hive Storage API High Product Manifest implementation-url https://www.apache.org/hive-storage-api/ Low Product Manifest specification-title Hive Storage API Medium Product pom artifactid hive-storage-api Highest Product pom groupid org.apache.hive Highest Product pom name Hive Storage API High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Version file version 2.7.0 High Version Manifest Implementation-Version 2.7.0 High Version pom parent-version 2.7.0 Low Version pom version 2.7.0 Highest
CVE-2021-34538 suppress
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious. CWE-306 Missing Authentication for Critical Function
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
hk2-api-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/hk2-api/2.5.0-b32/hk2-api-2.5.0-b32.jar
MD5: 93322931c4ec277c5190c7cddf7ad155
SHA1: 6a576c9653832ce610b80a2f389374ef19d96171
SHA256: b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
hk2-api-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hk2-api High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Vendor pom artifactid hk2-api Highest Vendor pom artifactid hk2-api Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 API module High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-api High Product jar package name api Highest Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 API module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product pom artifactid hk2-api Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 API module High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
hk2-locator-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/hk2-locator/2.5.0-b32/hk2-locator-2.5.0-b32.jar
MD5: 5baf0f144cf8552a9fe476b096fc18a7
SHA1: 195474f8ad0a8d130e9ea949a771bcf1215fc33b
SHA256: 27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
hk2-locator-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hk2-locator High Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Vendor pom artifactid hk2-locator Highest Vendor pom artifactid hk2-locator Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-locator High Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product pom artifactid hk2-locator Highest Product pom groupid org.glassfish.hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
hk2-utils-2.5.0-b32.jar (shaded: org.jvnet:tiger-types:1.4)File Path: /home/runner/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar/META-INF/maven/org.jvnet/tiger-types/pom.xmlMD5: 51329dba505e7cc4a9bc2719cf195be0SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029SHA256: 58794aca99cadb3aab687b56fd6d84871956590323dd0ea5d611db759e78c6b9Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid tiger-types Low Vendor pom groupid org.jvnet Highest Vendor pom name Type arithmetic library for Java5 High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product pom artifactid tiger-types Highest Product pom groupid org.jvnet Highest Product pom name Type arithmetic library for Java5 High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version pom parent-version 1.4 Low Version pom version 1.4 Highest
hk2-utils-2.5.0-b32.jarDescription:
${project.name} License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar
MD5: acc873aece4f8e89814ac0300b549e3e
SHA1: 5108a926988c4ceda7f1e681dddfe3101454a002
SHA256: 3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
hk2-utils-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name hk2-utils High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name utilities Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Vendor Manifest originally-created-by Apache Maven Low Vendor Manifest service foo Low Vendor pom artifactid hk2-utils Highest Vendor pom artifactid hk2-utils Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 Implementation Utilities High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-utils High Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name utilities Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product Manifest originally-created-by Apache Maven Low Product Manifest service foo Low Product pom artifactid hk2-utils Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 Implementation Utilities High Product pom parent-artifactid hk2-parent Medium Version pom version 2.5.0-b32 Highest
htrace-core-3.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.4.0)Description:
Core Jackson abstractions, basic JSON streaming API implementation
File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.1.0-incubating/htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xmlMD5: b5ed6cb7f987a4da86141638b1538d81SHA1: ed8235ea6d84480833675e709b415bde24ce25f7SHA256: 8310978da8c7013ecaaba13c9b41b75ab3a09797ae4b946ae5e1614088f995d7Referenced In Projects/Scopes:
shardingsphere-infra-database-hive:provided shardingsphere-proxy-backend-hbase:compile Evidence Type Source Name Value Confidence Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://wiki.fasterxml.com/JacksonHome Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://wiki.fasterxml.com/JacksonHome Medium Version pom parent-version 2.4.0 Low Version pom version 2.4.0 Highest
Related Dependencies htrace-core-3.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.1.0-incubating/htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml MD5: 556310b593b9688b85686409e0bd5377 SHA1: 2b75fa41636e5d02edc961ee9c68e6f041dc85a9 SHA256: 63e2e01157c8964913ef8bb0e69cec0d363d31129089206f7fb07ee5438359c0 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.4.0 htrace-core-3.2.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml MD5: 556310b593b9688b85686409e0bd5377 SHA1: 2b75fa41636e5d02edc961ee9c68e6f041dc85a9 SHA256: 63e2e01157c8964913ef8bb0e69cec0d363d31129089206f7fb07ee5438359c0 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.4.0 htrace-core-3.2.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml MD5: b5ed6cb7f987a4da86141638b1538d81 SHA1: ed8235ea6d84480833675e709b415bde24ce25f7 SHA256: 8310978da8c7013ecaaba13c9b41b75ab3a09797ae4b946ae5e1614088f995d7 pkg:maven/com.fasterxml.jackson.core/jackson-core@2.4.0 htrace-core4-4.0.1-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core4/4.0.1-incubating/htrace-core4-4.0.1-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml MD5: 556310b593b9688b85686409e0bd5377 SHA1: 2b75fa41636e5d02edc961ee9c68e6f041dc85a9 SHA256: 63e2e01157c8964913ef8bb0e69cec0d363d31129089206f7fb07ee5438359c0 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.4.0 htrace-core4-4.0.1-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core4/4.0.1-incubating/htrace-core4-4.0.1-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml MD5: b5ed6cb7f987a4da86141638b1538d81 SHA1: ed8235ea6d84480833675e709b415bde24ce25f7 SHA256: 8310978da8c7013ecaaba13c9b41b75ab3a09797ae4b946ae5e1614088f995d7 pkg:maven/com.fasterxml.jackson.core/jackson-core@2.4.0 CVE-2018-1000873 suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
htrace-core-3.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)Description:
General data-binding functionality for Jackson: works on core streaming API File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.1.0-incubating/htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xmlMD5: d3f7afe903419aa0c03f9cf8682e1a69SHA1: 3c0d06b6c0a9f4135fcf5c5557c751c0cd066c0cSHA256: 083be927bdddaf1e992d0e9f0fff509b60f35deea307216d8ba773f065a6f30cReferenced In Projects/Scopes:
shardingsphere-infra-database-hive:provided shardingsphere-proxy-backend-hbase:compile Evidence Type Source Name Value Confidence Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://wiki.fasterxml.com/JacksonHome Highest Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://wiki.fasterxml.com/JacksonHome Medium Version pom parent-version 2.4.0 Low Version pom version 2.4.0 Highest
Related Dependencies htrace-core-3.2.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml MD5: d3f7afe903419aa0c03f9cf8682e1a69 SHA1: 3c0d06b6c0a9f4135fcf5c5557c751c0cd066c0c SHA256: 083be927bdddaf1e992d0e9f0fff509b60f35deea307216d8ba773f065a6f30c pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.4.0 htrace-core4-4.0.1-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core4/4.0.1-incubating/htrace-core4-4.0.1-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml MD5: d3f7afe903419aa0c03f9cf8682e1a69 SHA1: 3c0d06b6c0a9f4135fcf5c5557c751c0cd066c0c SHA256: 083be927bdddaf1e992d0e9f0fff509b60f35deea307216d8ba773f065a6f30c pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.4.0 CVE-2017-15095 suppress
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
secalert@redhat.com - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - ISSUE_TRACKING,THIRD_PARTY_ADVISORY secalert@redhat.com - MAILING_LIST,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
CVE-2017-17485 suppress
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7525 suppress
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
OSSINDEX - [CVE-2017-7525] CWE-184: Incomplete Blacklist OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7525 OSSIndex - https://blog.sonatype.com/jackson-databind-remote-code-execution OSSIndex - https://blog.sonatype.com/jackson-databind-the-end-of-the-blacklist OSSIndex - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7525 OSSIndex - https://github.com/FasterXML/jackson-databind/issues/1599 secalert@redhat.com - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - ISSUE_TRACKING,THIRD_PARTY_ADVISORY secalert@redhat.com - ISSUE_TRACKING,THIRD_PARTY_ADVISORY secalert@redhat.com - MAILING_LIST,THIRD_PARTY_ADVISORY secalert@redhat.com - MAILING_LIST,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - PATCH,THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY secalert@redhat.com - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
CVE-2018-11307 suppress
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-14718 suppress
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
CVE-2018-14719 suppress
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2018-7489 suppress
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14379 suppress
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14540 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14892 suppress
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. CWE-502 Deserialization of Untrusted Data, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16335 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16942 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16943 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-17267 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-17531 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-20330 suppress
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-8840 suppress
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9547 suppress
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9548 suppress
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-10673 suppress
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-5968 suppress
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-10650 suppress
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-24616 suppress
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-24750 suppress
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-35490 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-35491 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36179 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36180 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36181 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36182 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36183 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36184 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36185 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36186 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36187 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36188 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36189 suppress
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-20190 suppress
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (8.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:C CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12022 suppress
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-12086 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-14439 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-36518 suppress
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-42003 suppress
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-42004 suppress
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-1000873 suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-12384 suppress
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-12814 suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A References:
Vulnerable Software & Versions:
htrace-core-3.1.0-incubating.jar (shaded: commons-logging:commons-logging:1.1.1)Description:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.1.0-incubating/htrace-core-3.1.0-incubating.jar/META-INF/maven/commons-logging/commons-logging/pom.xmlMD5: 976d812430b8246deeaf2ea54610f263SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3SHA256: d0f2e16d054e8bb97add9ca26525eb2346f692809fcd2a28787da8ceb3c35ee8Referenced In Projects/Scopes:
shardingsphere-infra-database-hive:provided shardingsphere-proxy-backend-hbase:compile Evidence Type Source Name Value Confidence Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin at apache dot org Low Vendor pom developer email craigmcc at apache org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp at apache dot org Low Vendor pom developer email morgand at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email rsitze at apache dot org Low Vendor pom developer email rwaldhoff at apache org Low Vendor pom developer email sanders at apache dot org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer org Apache Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/logging Highest Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin at apache dot org Low Product pom developer email craigmcc at apache org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp at apache dot org Low Product pom developer email morgand at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email rsitze at apache dot org Low Product pom developer email rwaldhoff at apache org Low Product pom developer email sanders at apache dot org Low Product pom developer email skitching@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer org Apache Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/logging Medium Version pom parent-version 1.1.1 Low Version pom version 1.1.1 Highest
Related Dependencies htrace-core-3.2.0-incubating.jar (shaded: commons-logging:commons-logging:1.1.1)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar/META-INF/maven/commons-logging/commons-logging/pom.xml MD5: 976d812430b8246deeaf2ea54610f263 SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3 SHA256: d0f2e16d054e8bb97add9ca26525eb2346f692809fcd2a28787da8ceb3c35ee8 pkg:maven/commons-logging/commons-logging@1.1.1 htrace-core4-4.0.1-incubating.jar (shaded: commons-logging:commons-logging:1.1.1)File Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core4/4.0.1-incubating/htrace-core4-4.0.1-incubating.jar/META-INF/maven/commons-logging/commons-logging/pom.xml MD5: 976d812430b8246deeaf2ea54610f263 SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3 SHA256: d0f2e16d054e8bb97add9ca26525eb2346f692809fcd2a28787da8ceb3c35ee8 pkg:maven/commons-logging/commons-logging@1.1.1 htrace-core-3.1.0-incubating.jarFile Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.1.0-incubating/htrace-core-3.1.0-incubating.jarMD5: c49a4662d691a09eed10e0a35dd73299SHA1: f73606e7c9ede5802335c290bf47490ad6d51df3SHA256: d96c869afaf65315ece8ca09673b187557e9dbaad31df24467a5aa759812188dReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compilehtrace-core-3.1.0-incubating.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hbase/hbase-shaded-client@1.7.1
Evidence Type Source Name Value Confidence Vendor file name htrace-core High Vendor jar package name apache Highest Vendor jar package name htrace Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.htrace Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid htrace-core Highest Vendor pom artifactid htrace-core Low Vendor pom groupid org.apache.htrace Highest Vendor pom name htrace-core High Vendor pom parent-artifactid htrace Low Vendor pom url http://incubator.apache.org/projects/htrace.html Highest Product file name htrace-core High Product jar package name apache Highest Product jar package name htrace Highest Product Manifest Implementation-Title htrace-core High Product Manifest specification-title htrace-core Medium Product pom artifactid htrace-core Highest Product pom groupid org.apache.htrace Highest Product pom name htrace-core High Product pom parent-artifactid htrace Medium Product pom url http://incubator.apache.org/projects/htrace.html Medium Version Manifest Implementation-Version 3.1.0-incubating High Version pom version 3.1.0-incubating Highest
htrace-core-3.2.0-incubating.jarFile Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jarMD5: 0b1b1a63aca83a11545de49218a251bfSHA1: 8797cf3230f01e8724ef27a0ed565dabb6998c64SHA256: 508be2770ef8e83b5c32e19bb56d3fba2ee33c12f7fba25293582ad1595e30bbReferenced In Project/Scope: shardingsphere-infra-database-hive:providedhtrace-core-3.2.0-incubating.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name htrace-core High Vendor jar package name apache Highest Vendor jar package name htrace Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.htrace Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid htrace-core Highest Vendor pom artifactid htrace-core Low Vendor pom groupid org.apache.htrace Highest Vendor pom name htrace-core High Vendor pom parent-artifactid htrace Low Vendor pom url http://incubator.apache.org/projects/htrace.html Highest Product file name htrace-core High Product jar package name apache Highest Product jar package name htrace Highest Product Manifest Implementation-Title htrace-core High Product Manifest specification-title htrace-core Medium Product pom artifactid htrace-core Highest Product pom groupid org.apache.htrace Highest Product pom name htrace-core High Product pom parent-artifactid htrace Medium Product pom url http://incubator.apache.org/projects/htrace.html Medium Version Manifest Implementation-Version 3.2.0-incubating High Version pom version 3.2.0-incubating Highest
htrace-core4-4.0.1-incubating.jarFile Path: /home/runner/.m2/repository/org/apache/htrace/htrace-core4/4.0.1-incubating/htrace-core4-4.0.1-incubating.jarMD5: 0852b1855f82857d66901501bcb10922SHA1: f4ef727cb4675788ac66f48e217020acc1690960SHA256: 0abe211fbe122dc18be76fe58fc366052ec1444e7afcbb29cc1bed828710e6deReferenced In Project/Scope: shardingsphere-proxy-backend-hbase:compilehtrace-core4-4.0.1-incubating.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hbase/hbase-shaded-client@1.7.1
Evidence Type Source Name Value Confidence Vendor file name htrace-core4 High Vendor jar package name apache Highest Vendor jar package name htrace Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.htrace Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid htrace-core4 Highest Vendor pom artifactid htrace-core4 Low Vendor pom groupid org.apache.htrace Highest Vendor pom name htrace-core4 High Vendor pom parent-artifactid htrace Low Vendor pom url http://incubator.apache.org/projects/htrace.html Highest Product file name htrace-core4 High Product jar package name apache Highest Product jar package name htrace Highest Product Manifest Implementation-Title htrace-core4 High Product Manifest specification-title htrace-core4 Medium Product pom artifactid htrace-core4 Highest Product pom groupid org.apache.htrace Highest Product pom name htrace-core4 High Product pom parent-artifactid htrace Medium Product pom url http://incubator.apache.org/projects/htrace.html Medium Version Manifest Implementation-Version 4.0.1-incubating High Version pom version 4.0.1-incubating Highest
httpclient-4.5.13.jarDescription:
Apache HttpComponents Client
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jarMD5: 40d6b9075fbd28fa10292a45a0db9457SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cadaSHA256: 6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhttpclient-4.5.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Highest Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
httpclient5-5.1.3.jar httpcore-4.4.13.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jarMD5: e07a248f61c52776a2366c075dcd4963SHA1: 853b96d3afbb7bf8cc303fe27ee96836a10c1834SHA256: e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424Referenced In Project/Scope: shardingsphere-infra-database-hive:providedhttpcore-4.4.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.13 High Version Manifest Implementation-Version 4.4.13 High Version pom version 4.4.13 Highest
httpcore5-5.1.3.jar httpcore5-h2-5.1.3.jar icu4j-61.1.jarDescription:
International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
providing Unicode and Globalization support
License:
Unicode/ICU License: http://source.icu-project.org/repos/icu/trunk/icu4j/main/shared/licenses/LICENSE File Path: /home/runner/.m2/repository/com/ibm/icu/icu4j/61.1/icu4j-61.1.jar
MD5: 07e6b698917de94886bf0dfb4d042fc0
SHA1: 28d33b5e44e72edcc66a5da7a34a42147f38d987
SHA256: 55c98eb1838b2a4bb9a07dc36bd378532d64d0cdcb7ceee914236866a7de4464
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
icu4j-61.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name icu4j High Vendor file (hint) name icu-project High Vendor file (hint) name unicode High Vendor jar package name ibm Highest Vendor jar package name icu Highest Vendor Manifest bundle-copyright © 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html#License Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.ibm.icu Medium Vendor Manifest Implementation-Vendor Unicode, Inc. High Vendor Manifest Implementation-Vendor-Id org.unicode Medium Vendor pom artifactid icu4j Highest Vendor pom artifactid icu4j Low Vendor pom developer id deborah Medium Vendor pom developer id doug Medium Vendor pom developer id emmons Medium Vendor pom developer id mark Medium Vendor pom developer id markus Medium Vendor pom developer id pedberg Medium Vendor pom developer id srl Medium Vendor pom developer id yoshito Medium Vendor pom developer name Deborah Goldsmith Medium Vendor pom developer name Doug Felt Medium Vendor pom developer name John Emmons Medium Vendor pom developer name Mark Davis Medium Vendor pom developer name Markus Scherer Medium Vendor pom developer name Peter Edberg Medium Vendor pom developer name Steven Loomis Medium Vendor pom developer name Yoshito Umaoka Medium Vendor pom developer org Apple Medium Vendor pom developer org Google Medium Vendor pom developer org IBM Corporation Medium Vendor pom groupid com.ibm.icu Highest Vendor pom name ICU4J High Vendor pom url http://icu-project.org/ Highest Vendor pom (hint) artifactid icu-project Highest Vendor pom (hint) artifactid icu-project Low Vendor pom (hint) artifactid unicode Highest Vendor pom (hint) artifactid unicode Low Vendor pom (hint) name icu-project High Vendor pom (hint) name unicode High Product file name icu4j High Product hint analyzer product international_components_for_unicode Highest Product jar package name ibm Highest Product jar package name icu Highest Product Manifest bundle-copyright © 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html#License Low Product Manifest Bundle-Name ICU4J Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.ibm.icu Medium Product Manifest Implementation-Title International Components for Unicode for Java High Product Manifest specification-title International Components for Unicode for Java Medium Product pom artifactid icu4j Highest Product pom developer id deborah Low Product pom developer id doug Low Product pom developer id emmons Low Product pom developer id mark Low Product pom developer id markus Low Product pom developer id pedberg Low Product pom developer id srl Low Product pom developer id yoshito Low Product pom developer name Deborah Goldsmith Low Product pom developer name Doug Felt Low Product pom developer name John Emmons Low Product pom developer name Mark Davis Low Product pom developer name Markus Scherer Low Product pom developer name Peter Edberg Low Product pom developer name Steven Loomis Low Product pom developer name Yoshito Umaoka Low Product pom developer org Apple Low Product pom developer org Google Low Product pom developer org IBM Corporation Low Product pom groupid com.ibm.icu Highest Product pom name ICU4J High Product pom url http://icu-project.org/ Medium Version file version 61.1 High Version Manifest Bundle-Version 61.1 High Version Manifest Implementation-Version 61.1 High Version pom version 61.1 Highest
pkg:maven/com.ibm.icu/icu4j@61.1 (Confidence :High)cpe:2.3:a:icu-project:international_components_for_unicode:61.1:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:unicode:international_components_for_unicode:61.1:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2018-18928 (OSSINDEX) suppress
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2018-18928 for details CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: CRITICAL (9.800000190734863) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.ibm.icu:icu4j:61.1:*:*:*:*:*:*:* istack-commons-runtime-3.0.12.jarDescription:
istack common utility code License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/runner/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.12/istack-commons-runtime-3.0.12.jar
MD5: 1952bd76321f8580cfaa57e332a68287
SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530
SHA256: 27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd
Referenced In Projects/Scopes: shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-it:compile shardingsphere-test-util:compile shardingsphere-test-e2e-agent-plugins-logging:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins:compile shardingsphere-test-e2e-operation:compile shardingsphere-test-it-yaml:compile shardingsphere-test-fixture:compile shardingsphere-test-e2e-agent-plugins-tracing:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-e2e-env:compile shardingsphere-test:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-it-optimizer:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-test-native:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-it-rewriter:compile shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-agent-plugins-metrics:compile shardingsphere-test-e2e-pipeline:compile istack-commons-runtime-3.0.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 Evidence Type Source Name Value Confidence Vendor file name istack-commons-runtime High Vendor jar package name com Highest Vendor jar package name istack Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest implementation-build-id 3.0.12 - 7ed1368 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor Manifest multi-release true Low Vendor pom artifactid istack-commons-runtime Highest Vendor pom artifactid istack-commons-runtime Low Vendor pom groupid com.sun.istack Highest Vendor pom name istack common utility code runtime High Vendor pom parent-artifactid istack-commons Low Product file name istack-commons-runtime High Product jar package name com Highest Product jar package name istack Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name istack common utility code runtime Medium Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product Manifest implementation-build-id 3.0.12 - 7ed1368 Low Product Manifest multi-release true Low Product pom artifactid istack-commons-runtime Highest Product pom groupid com.sun.istack Highest Product pom name istack common utility code runtime High Product pom parent-artifactid istack-commons Medium Version file version 3.0.12 High Version Manifest Bundle-Version 3.0.12 High Version Manifest implementation-build-id 3.0.12 Low Version pom version 3.0.12 Highest
j2objc-annotations-1.3.jar jackson-core-2.16.1.jar jackson-core-asl-1.9.13.jarDescription:
Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.13/jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
SHA256: 440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jackson-core-asl-1.9.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jackson-core-asl High Vendor jar package name codehaus Highest Vendor jar package name jackson Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor Manifest bundle-symbolicname jackson-core-asl Medium Vendor Manifest Implementation-Vendor http://fasterxml.com High Vendor Manifest specification-vendor http://www.ietf.org/rfc/rfc4627.txt Low Vendor pom artifactid jackson-core-asl Highest Vendor pom artifactid jackson-core-asl Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.jackson Highest Vendor pom name Jackson High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom url http://jackson.codehaus.org Highest Product file name jackson-core-asl High Product jar package name codehaus Highest Product jar package name jackson Highest Product Manifest Bundle-Name Jackson JSON processor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product Manifest bundle-symbolicname jackson-core-asl Medium Product Manifest Implementation-Title Jackson JSON processor High Product Manifest specification-title JSON - JavaScript Object Notation Medium Product pom artifactid jackson-core-asl Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.jackson Highest Product pom name Jackson High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom url http://jackson.codehaus.org Medium Version file version 1.9.13 High Version Manifest Bundle-Version 1.9.13 High Version Manifest Implementation-Version 1.9.13 High Version pom version 1.9.13 Highest
jackson-databind-2.16.1.jar jackson-dataformat-xml-2.16.1.jarDescription:
Data format extension for Jackson to offer
alternative support for serializing POJOs as XML and deserializing XML as pojos.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/2.16.1/jackson-dataformat-xml-2.16.1.jar
MD5: ab3c4a4dcd1928d05f206c5d0e9fe36f
SHA1: d952ad30d3f2d1220f39db175618414b56d14638
SHA256: b8e73fa171d1276832abbf20ebb4df597e377405f875ed39808cee9acca3d3ac
Referenced In Projects/Scopes: shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-jdbc:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile jackson-dataformat-xml-2.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-xml High Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformat-xml Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-xml Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-xml Highest Vendor pom artifactid jackson-dataformat-xml Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson-dataformat-XML High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-dataformat-xml Highest Product file name jackson-dataformat-xml High Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name xml Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-dataformat-xml Low Product Manifest Bundle-Name Jackson-dataformat-XML Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-xml Medium Product Manifest Implementation-Title Jackson-dataformat-XML High Product Manifest multi-release true Low Product Manifest specification-title Jackson-dataformat-XML Medium Product pom artifactid jackson-dataformat-xml Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson-dataformat-XML High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-dataformat-xml High Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest Implementation-Version 2.16.1 High Version pom version 2.16.1 Highest
Related Dependencies jackson-dataformat-yaml-2.16.1.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.16.1/jackson-dataformat-yaml-2.16.1.jar MD5: f08a64b0e8a224690e774ea3d5dcd00f SHA1: 8e4f1923d73cd55f2b4c0d56ee4ed80419297354 SHA256: fd67e0fafe368ad3dfc1b545eb8fe084a5c64628fb71ef70bd94a4dab27aefff pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.16.1 jackson-jaxrs-1.9.13.jarDescription:
Jax-RS provider for JSON content type, based on
Jackson JSON processor's data binding functionality.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License (LGPL), Version 2.1: http://www.fsf.org/licensing/licenses/lgpl.txt File Path: /home/runner/.m2/repository/org/codehaus/jackson/jackson-jaxrs/1.9.13/jackson-jaxrs-1.9.13.jar
MD5: 8481e1904d9bfe974157a6af04b4445e
SHA1: 534d72d2b9d6199dd531dfb27083dd4844082bba
SHA256: 1770570a6ba5c87a4795c0aeb40ee7c5fe5e31df64ef1d4795a0d427796b84bb
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jackson-jaxrs-1.9.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs High Vendor jar package name codehaus Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor Manifest bundle-symbolicname jackson-jaxrs Medium Vendor Manifest Implementation-Vendor http://fasterxml.com High Vendor pom artifactid jackson-jaxrs Highest Vendor pom artifactid jackson-jaxrs Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.jackson Highest Vendor pom name JAX-RS provider for JSON content type High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom url http://jackson.codehaus.org Highest Product file name jackson-jaxrs High Product jar package name codehaus Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product Manifest Bundle-Name JAX-RS provider for JSON content type, using Jackson data binding Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product Manifest bundle-symbolicname jackson-jaxrs Medium Product Manifest Implementation-Title JAX-RS provider for JSON content type, using Jackson data binding High Product pom artifactid jackson-jaxrs Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.jackson Highest Product pom name JAX-RS provider for JSON content type High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom url http://jackson.codehaus.org Medium Version file version 1.9.13 High Version Manifest Bundle-Version 1.9.13 High Version Manifest Implementation-Version 1.9.13 High Version pom version 1.9.13 Highest
jackson-jr-objects-2.16.1.jarDescription:
Simple data-binding that builds directly on jackson-core (streaming),
has no other dependencies, and provides additional builder-style content generator
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/jr/jackson-jr-objects/2.16.1/jackson-jr-objects-2.16.1.jar
MD5: c37f58a1eba753680ecf8338a0a08319
SHA1: 3dbc347cab5f6d52ece1584524dcf1da59197cd2
SHA256: 2807c26f9e7e7848dad4376b38f272f39af044f930a03f27e9aa7bbde87500c8
Referenced In Projects/Scopes: shardingsphere-agent-distribution:runtime shardingsphere-agent-tracing-opentelemetry:runtime jackson-jr-objects-2.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.opentelemetry/opentelemetry-exporter-jaeger@1.31.0 pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jackson-jr-objects High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jr Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jr Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jr.jackson-jr-objects Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jr Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jr-objects Highest Vendor pom artifactid jackson-jr-objects Low Vendor pom groupid com.fasterxml.jackson.jr Highest Vendor pom parent-artifactid jackson-jr-parent Low Vendor pom url FasterXML/jackson-jr Highest Product file name jackson-jr-objects High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jr Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jr Low Product Manifest Bundle-Name jackson-jr-objects Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jr.jackson-jr-objects Medium Product Manifest Implementation-Title jackson-jr-objects High Product Manifest multi-release true Low Product Manifest specification-title jackson-jr-objects Medium Product pom artifactid jackson-jr-objects Highest Product pom groupid com.fasterxml.jackson.jr Highest Product pom parent-artifactid jackson-jr-parent Medium Product pom url FasterXML/jackson-jr High Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest Implementation-Version 2.16.1 High Version pom version 2.16.1 Highest
jackson-mapper-asl-1.9.13.jarDescription:
Data Mapper package is a high-performance data binding package
built on Jackson JSON processor
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/codehaus/jackson/jackson-mapper-asl/1.9.13/jackson-mapper-asl-1.9.13.jar
MD5: 1750f9c339352fc4b728d61b57171613
SHA1: 1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7
SHA256: 74e7a07a76f2edbade29312a5a2ebccfa019128bc021ece3856d76197e9be0c2
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jackson-mapper-asl-1.9.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jackson-mapper-asl High Vendor jar package name codehaus Highest Vendor jar package name jackson Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor Manifest bundle-symbolicname jackson-mapper-asl Medium Vendor Manifest Implementation-Vendor http://fasterxml.com High Vendor pom artifactid jackson-mapper-asl Highest Vendor pom artifactid jackson-mapper-asl Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.jackson Highest Vendor pom name Data Mapper for Jackson High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom url http://jackson.codehaus.org Highest Product file name jackson-mapper-asl High Product jar package name codehaus Highest Product jar package name jackson Highest Product Manifest Bundle-Name Data mapper for Jackson JSON processor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product Manifest bundle-symbolicname jackson-mapper-asl Medium Product Manifest Implementation-Title Data mapper for Jackson JSON processor High Product pom artifactid jackson-mapper-asl Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.jackson Highest Product pom name Data Mapper for Jackson High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom url http://jackson.codehaus.org Medium Version file version 1.9.13 High Version Manifest Bundle-Version 1.9.13 High Version Manifest Implementation-Version 1.9.13 High Version pom version 1.9.13 Highest
CVE-2017-7525 (OSSINDEX) suppress
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2017-7525 for details CWE-184 Incomplete List of Disallowed Inputs
CVSSv3:
Base Score: CRITICAL (9.800000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:* CVE-2019-10172 suppress
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. CWE-611 Improper Restriction of XML External Entity Reference
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jackson-xc-1.9.13.jarDescription:
Extensions that provide interoperability support for
Jackson JSON processor's data binding functionality.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License (LGPL), Version 2.1: http://www.fsf.org/licensing/licenses/lgpl.txt File Path: /home/runner/.m2/repository/org/codehaus/jackson/jackson-xc/1.9.13/jackson-xc-1.9.13.jar
MD5: 49f6a735bae30745dcf5ecec27090720
SHA1: e3480072bc95c202476ffa1de99ff7ee9149f29c
SHA256: 2d2905fcec7d1c55b775995617685dbb03672350704d9e40b492eab5b54d0be7
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jackson-xc-1.9.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jackson-xc High Vendor jar package name codehaus Highest Vendor jar package name jackson Highest Vendor jar package name xc Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor Manifest bundle-symbolicname jackson-xc Medium Vendor Manifest Implementation-Vendor http://fasterxml.com High Vendor pom artifactid jackson-xc Highest Vendor pom artifactid jackson-xc Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.jackson Highest Vendor pom name Xml Compatibility extensions for Jackson High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom url http://jackson.codehaus.org Highest Product file name jackson-xc High Product jar package name codehaus Highest Product jar package name jackson Highest Product jar package name xc Highest Product Manifest Bundle-Name XML Compatibility extensions for Jackson data binding Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product Manifest bundle-symbolicname jackson-xc Medium Product Manifest Implementation-Title XML Compatibility extensions for Jackson data binding High Product pom artifactid jackson-xc Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.jackson Highest Product pom name Xml Compatibility extensions for Jackson High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom url http://jackson.codehaus.org Medium Version file version 1.9.13 High Version Manifest Bundle-Version 1.9.13 High Version Manifest Implementation-Version 1.9.13 High Version pom version 1.9.13 Highest
jakarta.activation-1.2.2.jarDescription:
Jakarta Activation License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/runner/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256: 02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-metrics:runtime shardingsphere-test-e2e-pipeline:runtime shardingsphere-test-e2e:runtime shardingsphere-test-it-pipeline:runtime shardingsphere-test-native:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-test-it-optimizer:runtime shardingsphere-test-e2e-transaction:runtime shardingsphere-test-e2e-sql:runtime shardingsphere-test-it-rewriter:runtime shardingsphere-test-fixture-database:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime shardingsphere-test-e2e-agent:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-test-e2e-agent-plugins:runtime shardingsphere-test-util:runtime shardingsphere-test-it-parser:runtime shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-env:runtime shardingsphere-test-it:runtime shardingsphere-test-e2e-driver:runtime shardingsphere-test-e2e-showprocesslist:runtime shardingsphere-test:runtime shardingsphere-test-it-yaml:runtime shardingsphere-test-e2e-agent-jdbc-project:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-test-fixture-infra:runtime shardingsphere-test-e2e-agent-plugins-common:runtime shardingsphere-test-e2e-agent-plugins-logging:runtime shardingsphere-test-e2e-operation:runtime shardingsphere-test-e2e-agent-plugins-tracing:runtime shardingsphere-test-fixture:runtime jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 Evidence Type Source Name Value Confidence Vendor file name jakarta.activation High Vendor jar package name activation Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation Highest Vendor pom artifactid jakarta.activation Low Vendor pom groupid com.sun.activation Highest Vendor pom name Jakarta Activation High Vendor pom parent-artifactid all Low Product file name jakarta.activation High Product jar package name activation Highest Product jar package name javax Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation Medium Product Manifest bundle-symbolicname com.sun.activation.jakarta.activation Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title javax.activation High Product Manifest specification-title Jakarta Activation Specification Medium Product pom artifactid jakarta.activation Highest Product pom groupid com.sun.activation Highest Product pom name Jakarta Activation High Product pom parent-artifactid all Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
jakarta.activation-api-1.2.2.jarDescription:
Jakarta Activation API jar License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/runner/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256: a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d
Referenced In Projects/Scopes: shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-it:compile shardingsphere-test-util:compile shardingsphere-test-e2e-agent-plugins-logging:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins:compile shardingsphere-test-e2e-operation:compile shardingsphere-test-it-yaml:compile shardingsphere-test-fixture:compile shardingsphere-test-e2e-agent-plugins-tracing:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-e2e-env:compile shardingsphere-test:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-it-optimizer:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-test-native:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-it-rewriter:compile shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-agent-plugins-metrics:compile shardingsphere-test-e2e-pipeline:compile jakarta.activation-api-1.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-native@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-database@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-infra@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-rewriter@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-operation@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jakarta.activation-api High Vendor jar package name activation Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation-api Highest Vendor pom artifactid jakarta.activation-api Low Vendor pom groupid jakarta.activation Highest Vendor pom name Jakarta Activation API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name jakarta.activation-api High Product jar package name activation Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation API jar Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product pom artifactid jakarta.activation-api Highest Product pom groupid jakarta.activation Highest Product pom name Jakarta Activation API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
jakarta.transaction-api-1.3.3.jarDescription:
Jakarta Transactions License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256: 0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab
Referenced In Projects/Scopes: shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-transaction-xa-spi:compile shardingsphere-transaction-xa-narayana:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile jakarta.transaction-api-1.3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jakarta.transaction-api High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name java.transaction Medium Vendor Manifest bundle-docurl https://github.com/eclipse-ee4j Low Vendor Manifest bundle-symbolicname jakarta.transaction-api Medium Vendor Manifest extension-name javax.transaction Medium Vendor Manifest Implementation-Vendor EE4J Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.transaction-api Highest Vendor pom artifactid jakarta.transaction-api Low Vendor pom developer id stephen_felts Medium Vendor pom developer name Stephen Felts Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid jakarta.transaction Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name EE4J Community High Vendor pom organization url eclipse-ee4j Medium Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jta Highest Product file name jakarta.transaction-api High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest automatic-module-name java.transaction Medium Product Manifest bundle-docurl https://github.com/eclipse-ee4j Low Product Manifest Bundle-Name javax.transaction API Medium Product Manifest bundle-symbolicname jakarta.transaction-api Medium Product Manifest extension-name javax.transaction Medium Product pom artifactid jakarta.transaction-api Highest Product pom developer id stephen_felts Low Product pom developer name Stephen Felts Low Product pom developer org Oracle, Inc. Low Product pom groupid jakarta.transaction Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name EE4J Community Low Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url eclipse-ee4j High Product pom url https://projects.eclipse.org/projects/ee4j.jta Medium Version file version 1.3.3 High Version Manifest Bundle-Version 1.3.3 High Version Manifest Implementation-Version 1.3.3 High Version pom parent-version 1.3.3 Low Version pom version 1.3.3 Highest
jakarta.xml.bind-api-2.3.3.jarDescription:
Jakarta XML Binding API 2.3 Design Specification License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/runner/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256: c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Projects/Scopes: shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-it:compile shardingsphere-test-util:compile shardingsphere-test-e2e-agent-plugins-logging:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins:compile shardingsphere-test-e2e-operation:compile shardingsphere-test-it-yaml:compile shardingsphere-test-fixture:compile shardingsphere-test-e2e-agent-plugins-tracing:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-e2e-env:compile shardingsphere-test:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-it-optimizer:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-test-native:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-it-rewriter:compile shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-agent-plugins-metrics:compile shardingsphere-test-e2e-pipeline:compile jakarta.xml.bind-api-2.3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-native@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-rewriter@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-operation@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-database@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-infra@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor jar package name bind Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Vendor Manifest multi-release true Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.bind-api Highest Vendor pom artifactid jakarta.xml.bind-api Low Vendor pom groupid jakarta.xml.bind Highest Vendor pom name Jakarta XML Binding API High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Product file name jakarta.xml.bind-api High Product jar package name bind Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Product Manifest multi-release true Low Product pom artifactid jakarta.xml.bind-api Highest Product pom groupid jakarta.xml.bind Highest Product pom name Jakarta XML Binding API High Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Version file version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version Manifest Implementation-Version 2.3.3 High Version pom version 2.3.3 Highest
jamon-runtime-2.3.1.jarDescription:
Jamon runtime support classes File Path: /home/runner/.m2/repository/org/jamon/jamon-runtime/2.3.1/jamon-runtime-2.3.1.jarMD5: 56548cf7466847c15795691247173f8cSHA1: ae23df9c0953b12ba1b799e42ebd1a281fabcd8cSHA256: 2a3d1a9f1929833b1e889e59277d94f4b08eb94b9f1058b745aeacb78536367fReferenced In Project/Scope: shardingsphere-infra-database-hive:providedjamon-runtime-2.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jamon-runtime High Vendor jar package name jamon Highest Vendor jar package name jamon Low Vendor pom artifactid jamon-runtime Highest Vendor pom artifactid jamon-runtime Low Vendor pom groupid org.jamon Highest Vendor pom name jamon-runtime High Vendor pom parent-artifactid jamon-project Low Product file name jamon-runtime High Product jar package name jamon Highest Product pom artifactid jamon-runtime Highest Product pom groupid org.jamon Highest Product pom name jamon-runtime High Product pom parent-artifactid jamon-project Medium Version file version 2.3.1 High Version pom parent-version 2.3.1 Low Version pom version 2.3.1 Highest
janino-3.1.9.jarDescription:
The "JANINO" implementation of the "commons-compiler" API: Super-small, super-fast, independent from the JDK's "tools.jar". License:
https://spdx.org/licenses/BSD-3-Clause.html File Path: /home/runner/.m2/repository/org/codehaus/janino/janino/3.1.9/janino-3.1.9.jar
MD5: 597cbcd4d0b8273552758c50bf423926
SHA1: 536fb0c44627faae32ca7a8a24734f4aab38c878
SHA256: 7df88d90aa165ab48bdebea425fa009eeef04918c82e98cdbea5e747e114508d
Referenced In Projects/Scopes: shardingsphere-proxy-frontend-mysql:runtime shardingsphere-proxy-frontend-postgresql:runtime shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-agent-tracing-core:provided shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-postgresql:runtime shardingsphere-sql-federation-core:runtime shardingsphere-test-e2e-transaction:runtime shardingsphere-agent-plugin-core:provided shardingsphere-proxy-backend-opengauss:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-hbase:runtime shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-spi:runtime shardingsphere-test-e2e-showprocesslist:runtime shardingsphere-test-e2e-agent-jdbc-project:runtime shardingsphere-agent-tracing-type:provided shardingsphere-data-pipeline-cdc-core:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-sql-federation-executor:runtime shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-core:runtime shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-distribution:runtime shardingsphere-agent-logging-type:provided shardingsphere-test-e2e-pipeline:runtime shardingsphere-test-it-pipeline:runtime shardingsphere-data-pipeline-scenario-migration:runtime shardingsphere-jdbc:runtime shardingsphere-sql-federation-distsql-handler:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-data-pipeline-opengauss:runtime shardingsphere-data-pipeline-distsql-handler:runtime shardingsphere-jdbc-distribution:runtime shardingsphere-test-it-optimizer:runtime shardingsphere-test-e2e-sql:runtime shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-env:runtime shardingsphere-proxy-backend-mysql:runtime shardingsphere-data-pipeline-scenario-consistencycheck:runtime shardingsphere-sql-federation-optimizer:runtime shardingsphere-proxy-backend-core:runtime shardingsphere-test-e2e-driver:runtime shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-bootstrap:runtime shardingsphere-proxy-frontend-opengauss:runtime shardingsphere-proxy-backend-postgresql:runtime shardingsphere-agent-plugin-metrics:provided shardingsphere-test-e2e-agent-plugins-common:runtime janino-3.1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.calcite/calcite-core@1.35.0 pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name janino High Vendor jar package name codehaus Highest Vendor jar package name compiler Highest Vendor jar package name janino Highest Vendor jar package name tools Highest Vendor Manifest bundle-symbolicname org.codehaus.janino.janino;singleton:=true Medium Vendor Manifest require-bundle org.codehaus.janino.commons-compiler Low Vendor pom artifactid janino Highest Vendor pom artifactid janino Low Vendor pom groupid org.codehaus.janino Highest Vendor pom name janino High Vendor pom parent-artifactid janino-parent Low Product file name janino High Product jar package name codehaus Highest Product jar package name compiler Highest Product jar package name janino Highest Product jar package name java Highest Product jar package name tools Highest Product Manifest Bundle-Name janino Medium Product Manifest bundle-symbolicname org.codehaus.janino.janino;singleton:=true Medium Product Manifest require-bundle org.codehaus.janino.commons-compiler Low Product pom artifactid janino Highest Product pom groupid org.codehaus.janino Highest Product pom name janino High Product pom parent-artifactid janino-parent Medium Version file version 3.1.9 High Version Manifest Bundle-Version 3.1.9 High Version pom version 3.1.9 Highest
CVE-2023-33546 suppress
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
java-util-2.4.0.jar javassist-3.20.0-GA.jarDescription:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /home/runner/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
SHA256: d7691062fb779c2381640c8f72acba2c23873b01c243866d41c15dc4c8848ea2
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javassist-3.20.0-GA.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor jar package name bytecode Highest Vendor jar package name javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom artifactid javassist Highest Vendor pom artifactid javassist Low Vendor pom developer email adinn@redhat.com Low Vendor pom developer email chiba@javassist.org Low Vendor pom developer email kabir.khan@jboss.com Low Vendor pom developer email smarlow@redhat.com Low Vendor pom developer id adinn Medium Vendor pom developer id chiba Medium Vendor pom developer id kabir.khan@jboss.com Medium Vendor pom developer id scottmarlow Medium Vendor pom developer name Andrew Dinn Medium Vendor pom developer name Kabir Khan Medium Vendor pom developer name Scott Marlow Medium Vendor pom developer name Shigeru Chiba Medium Vendor pom developer org JBoss Medium Vendor pom developer org The Javassist Project Medium Vendor pom developer org URL http://www.javassist.org/ Medium Vendor pom developer org URL http://www.jboss.org/ Medium Vendor pom groupid org.javassist Highest Vendor pom name Javassist High Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom url http://www.javassist.org/ Highest Product file name javassist High Product jar package name bytecode Highest Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product Manifest bundle-symbolicname javassist Medium Product Manifest specification-title Javassist Medium Product pom artifactid javassist Highest Product pom developer email adinn@redhat.com Low Product pom developer email chiba@javassist.org Low Product pom developer email kabir.khan@jboss.com Low Product pom developer email smarlow@redhat.com Low Product pom developer id adinn Low Product pom developer id chiba Low Product pom developer id kabir.khan@jboss.com Low Product pom developer id scottmarlow Low Product pom developer name Andrew Dinn Low Product pom developer name Kabir Khan Low Product pom developer name Scott Marlow Low Product pom developer name Shigeru Chiba Low Product pom developer org JBoss Low Product pom developer org The Javassist Project Low Product pom developer org URL http://www.javassist.org/ Low Product pom developer org URL http://www.jboss.org/ Low Product pom groupid org.javassist Highest Product pom name Javassist High Product pom organization name Shigeru Chiba, www.javassist.org Low Product pom url http://www.javassist.org/ Medium Version Manifest specification-version 3.20.0-GA High Version pom version 3.20.0-GA Highest
javax.annotation-api-1.2.jarDescription:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.annotation-api High Vendor jar package name annotation Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Highest Vendor pom artifactid javax.annotation-api Low Vendor pom developer id mode Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer org Oracle, Inc. Medium Vendor pom groupid javax.annotation Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Product file name javax.annotation-api High Product jar package name annotation Highest Product jar package name javax Highest Product Manifest bundle-docurl https://glassfish.java.net Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest extension-name javax.annotation Medium Product pom artifactid javax.annotation-api Highest Product pom developer id mode Low Product pom developer name Rajiv Mordani Low Product pom developer org Oracle, Inc. Low Product pom groupid javax.annotation Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Version file version 1.2 High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
javax.annotation-api-1.3.2.jarDescription:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE File Path: /home/runner/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256: e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name javax.annotation-api High Vendor jar package name annotation Highest Vendor jar package name javax Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://javaee.github.io/glassfish Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Highest Vendor pom artifactid javax.annotation-api Low Vendor pom developer id ldemichiel Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid javax.annotation Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://javaee.github.io/glassfish Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Product file name javax.annotation-api High Product jar package name annotation Highest Product jar package name javax Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://javaee.github.io/glassfish Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest extension-name javax.annotation Medium Product pom artifactid javax.annotation-api Highest Product pom developer id ldemichiel Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid javax.annotation Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product pom organization url https://javaee.github.io/glassfish Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Version file version 1.3.2 High Version Manifest Bundle-Version 1.3.2 High Version Manifest Implementation-Version 1.3.2 High Version pom parent-version 1.3.2 Low Version pom version 1.3.2 Highest
javax.inject-1.jarDescription:
The javax.inject API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.inject-1 High Vendor jar package name inject Highest Vendor jar package name inject Low Vendor jar package name javax Highest Vendor jar package name javax Low Vendor pom artifactid javax.inject Highest Vendor pom artifactid javax.inject Low Vendor pom groupid javax.inject Highest Vendor pom name javax.inject High Vendor pom url http://code.google.com/p/atinject/ Highest Product file name javax.inject-1 High Product jar package name inject Highest Product jar package name inject Low Product jar package name javax Highest Product pom artifactid javax.inject Highest Product pom groupid javax.inject Highest Product pom name javax.inject High Product pom url http://code.google.com/p/atinject/ Medium Version file version 1 Medium Version pom version 1 Highest
javax.inject-2.5.0-b32.jarDescription:
Injection API (JSR 330) version repackaged as OSGi bundle License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b32/javax.inject-2.5.0-b32.jar
MD5: b7e8633eb1e5aad9f44a37a3f3bfa8f5
SHA1: b2fa50c8186a38728c35fe6a9da57ce4cc806923
SHA256: 437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.inject-2.5.0-b32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.inject High Vendor jar package name inject Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Vendor pom artifactid javax.inject Highest Vendor pom artifactid javax.inject Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name javax.inject: as OSGi bundle High Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name javax.inject High Product jar package name inject Highest Product jar package name javax Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.javax.inject Medium Product pom artifactid javax.inject Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name javax.inject: as OSGi bundle High Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version pom version 2.5.0-b32 Highest
javax.jdo-3.2.0-m3.jarDescription:
The Java Data Objects API (JDO) : a standard interface-based Java model abstraction of persistence, developed by the JCP. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/datanucleus/javax.jdo/3.2.0-m3/javax.jdo-3.2.0-m3.jar
MD5: 53e1eac14fa3a58cf0054f03373af8f4
SHA1: c911b22710a8f77541a966615033b4ab943fd6f3
SHA256: b0e338881376e4588f7564ae2dcc91737148e7c950873f6b0b899cbf0feef80b
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.jdo-3.2.0-m3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.jdo High Vendor jar package name javax Highest Vendor jar package name jdo Highest Vendor Manifest bundle-symbolicname javax.jdo;singleton:=true Medium Vendor pom artifactid javax.jdo Highest Vendor pom artifactid javax.jdo Low Vendor pom groupid org.datanucleus Highest Vendor pom name JDO API High Vendor pom parent-artifactid datanucleus-maven-parent Low Product file name javax.jdo High Product jar package name javax Highest Product jar package name jdo Highest Product Manifest Bundle-Name JDO API Medium Product Manifest bundle-symbolicname javax.jdo;singleton:=true Medium Product pom artifactid javax.jdo Highest Product pom groupid org.datanucleus Highest Product pom name JDO API High Product pom parent-artifactid datanucleus-maven-parent Medium Version pom parent-version 3.2.0-m3 Low Version pom version 3.2.0-m3 Highest
javax.json-1.0.4.jarDescription:
Default provider for JSR 353:Java API for Processing JSON License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/javax.json/1.0.4/javax.json-1.0.4.jar
MD5: 569870f975deeeb6691fcb9bc02a9555
SHA1: 3178f73569fd7a1e5ffc464e680f7a8cc784b85a
SHA256: 0e1dec40a1ede965941251eda968aeee052cc4f50378bc316cc48e8159bdbeb4
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
javax.json-1.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name javax.json High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name javax Highest Vendor jar package name json Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.javax.json Medium Vendor Manifest extension-name javax.json Medium Vendor pom artifactid javax.json Highest Vendor pom artifactid javax.json Low Vendor pom groupid org.glassfish Highest Vendor pom name JSR 353 (JSON Processing) Default Provider High Vendor pom parent-artifactid json Low Vendor pom url http://jsonp.java.net Highest Product file name javax.json High Product jar package name api Highest Product jar package name glassfish Highest Product jar package name javax Highest Product jar package name json Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JSR 353 (JSON Processing) Default Provider Medium Product Manifest bundle-symbolicname org.glassfish.javax.json Medium Product Manifest extension-name javax.json Medium Product pom artifactid javax.json Highest Product pom groupid org.glassfish Highest Product pom name JSR 353 (JSON Processing) Default Provider High Product pom parent-artifactid json Medium Product pom url http://jsonp.java.net Medium Version file version 1.0.4 High Version Manifest Bundle-Version 1.0.4 High Version Manifest Implementation-Version 1.0.4 High Version pom version 1.0.4 Highest
javax.servlet-api-3.1.0.jarDescription:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.servlet-api-3.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet-api Highest Vendor pom artifactid javax.servlet-api Low Vendor pom developer id mode Medium Vendor pom developer id swchan2 Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer name Shing Wai Chan Medium Vendor pom developer org Oracle Medium Vendor pom groupid javax.servlet Highest Vendor pom name Java Servlet API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://servlet-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid javax.servlet-api Highest Product pom developer id mode Low Product pom developer id swchan2 Low Product pom developer name Rajiv Mordani Low Product pom developer name Shing Wai Chan Low Product pom developer org Oracle Low Product pom groupid javax.servlet Highest Product pom name Java Servlet API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.dev.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://servlet-spec.java.net Medium Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest
javax.servlet.jsp-2.3.2.jarDescription:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/org/glassfish/web/javax.servlet.jsp/2.3.2/javax.servlet.jsp-2.3.2.jar
MD5: fa21e48138803802e3ea2293b79fda47
SHA1: 613f624102267b1397e845b3181a72273bd6f399
SHA256: 197a9f8ed0b8c72a900e1dd3045ec03e0dcc33a2c9615eb0965bbf79df1cc460
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.servlet.jsp-2.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp High Vendor jar package name glassfish Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname org.glassfish.web.javax.servlet.jsp Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp Highest Vendor pom artifactid javax.servlet.jsp Low Vendor pom developer id kchung Medium Vendor pom developer name Kin-man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid org.glassfish.web Highest Vendor pom name JSP implementation High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jsp.java.net Highest Product file name javax.servlet.jsp High Product jar package name glassfish Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JSP implementation Medium Product Manifest bundle-symbolicname org.glassfish.web.javax.servlet.jsp Medium Product Manifest extension-name javax.servlet.jsp Medium Product pom artifactid javax.servlet.jsp Highest Product pom developer id kchung Low Product pom developer name Kin-man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid org.glassfish.web Highest Product pom name JSP implementation High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jsp.java.net Medium Version file version 2.3.2 High Version Manifest Bundle-Version 2.3.2 High Version Manifest Implementation-Version 2.3.2 High Version pom parent-version 2.3.2 Low Version pom version 2.3.2 Highest
javax.servlet.jsp-api-2.3.1.jarDescription:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.1/javax.servlet.jsp-api-2.3.1.jar
MD5: 2c407d9df1dc0ca76058ae1602e99f08
SHA1: 95c630902565feda8155eb32d46064ef348435fc
SHA256: b1306f5cc721e25e290d2b244af7bfb870a7e072bd32f17350712d1626a74f4b
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.servlet.jsp-api-2.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp-api Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp-api Highest Vendor pom artifactid javax.servlet.jsp-api Low Vendor pom developer id kchung Medium Vendor pom developer name Kin-man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid javax.servlet.jsp Highest Vendor pom name JavaServer Pages(TM) API High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jsp.java.net Highest Product file name javax.servlet.jsp-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JavaServer Pages(TM) API Medium Product Manifest bundle-symbolicname javax.servlet.jsp-api Medium Product Manifest extension-name javax.servlet.jsp Medium Product pom artifactid javax.servlet.jsp-api Highest Product pom developer id kchung Low Product pom developer name Kin-man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid javax.servlet.jsp Highest Product pom name JavaServer Pages(TM) API High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jsp.java.net Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version Manifest Implementation-Version 2.3.1 High Version pom parent-version 2.3.1 Low Version pom version 2.3.1 Highest
javax.ws.rs-api-2.0.1.jarDescription:
Java API for RESTful Web Services (JAX-RS) License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256: 38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javax.ws.rs-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.ws.rs-api Highest Vendor pom artifactid javax.ws.rs-api Low Vendor pom developer email m_potociar@java.net Low Vendor pom developer email spericas@java.net Low Vendor pom developer id Marek Medium Vendor pom developer id Santiago Medium Vendor pom developer name Marek Potociar Medium Vendor pom developer name Santiago Pericas-Geertsen Medium Vendor pom developer org Oracle Medium Vendor pom developer org URL http://jax-rs-spec.java.net Medium Vendor pom groupid javax.ws.rs Highest Vendor pom name javax.ws.rs-api High Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com/ Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jax-rs-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.ws.rs-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name javax.ws.rs-api Medium Product Manifest bundle-symbolicname javax.ws.rs-api Medium Product Manifest extension-name javax.ws.rs Medium Product pom artifactid javax.ws.rs-api Highest Product pom developer email m_potociar@java.net Low Product pom developer email spericas@java.net Low Product pom developer id Marek Low Product pom developer id Santiago Low Product pom developer name Marek Potociar Low Product pom developer name Santiago Pericas-Geertsen Low Product pom developer org Oracle Low Product pom developer org URL http://jax-rs-spec.java.net Low Product pom groupid javax.ws.rs Highest Product pom name javax.ws.rs-api High Product pom organization name Oracle Corporation Low Product pom organization url http://www.oracle.com/ Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jax-rs-spec.java.net Medium Version file version 2.0.1 High Version Manifest Bundle-Version 2.0.1 High Version Manifest Implementation-Version 2.0.1 High Version pom parent-version 2.0.1 Low Version pom version 2.0.1 Highest
javolution-5.5.1.jarDescription:
Javolution - Java Solution for Real-Time and Embedded Systems.
This project uses template classes to generates java code for various versions
of the Java run-time (e.g. J2ME, 1.4, GCJ, 1.5). The default maven compilation
builds OSGI bundle for Java 1.5+ (parameterized classes).
For others targets the ant script should be used directly (e.g. "ant j2me").
License:
BSD License: http://javolution.org/LICENSE.txt File Path: /home/runner/.m2/repository/javolution/javolution/5.5.1/javolution-5.5.1.jar
MD5: 1b7257da4690bada3cac7293985f8588
SHA1: 3fcba819cdb7861728405963ddc4b2755ab182e5
SHA256: 6de167427fb5ad34fe533cb36a8b3427fa6052a2b99781874396ed5cca9f8ed1
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
javolution-5.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name javolution High Vendor jar package name javolution Highest Vendor Manifest bundle-docurl http://javolution.org Low Vendor Manifest bundle-symbolicname javolution Medium Vendor pom artifactid javolution Highest Vendor pom artifactid javolution Low Vendor pom developer email jean-marie@dautelle.com Low Vendor pom developer id dautelle Medium Vendor pom developer name Jean-Marie Dautelle Medium Vendor pom developer org Thales Medium Vendor pom developer org URL http://www.thalesraytheon-fr.com Medium Vendor pom groupid javolution Highest Vendor pom name Javolution High Vendor pom organization name Javolution High Vendor pom organization url http://javolution.org Medium Vendor pom url http://javolution.org Highest Product file name javolution High Product jar package name javolution Highest Product Manifest bundle-docurl http://javolution.org Low Product Manifest Bundle-Name Javolution Medium Product Manifest bundle-symbolicname javolution Medium Product pom artifactid javolution Highest Product pom developer email jean-marie@dautelle.com Low Product pom developer id dautelle Low Product pom developer name Jean-Marie Dautelle Low Product pom developer org Thales Low Product pom developer org URL http://www.thalesraytheon-fr.com Low Product pom groupid javolution Highest Product pom name Javolution High Product pom organization name Javolution Low Product pom organization url http://javolution.org Low Product pom url http://javolution.org Medium Version file version 5.5.1 High Version Manifest Bundle-Version 5.5.1 High Version pom version 5.5.1 Highest
jaxb-api-2.2.2.jarDescription:
JAXB (JSR 222) API
License:
CDDL 1.1: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/javax/xml/bind/jaxb-api/2.2.2/jaxb-api-2.2.2.jar
MD5: a415e9a322984be1e1f8a023d09dca5f
SHA1: aeb3021ca93dde265796d82015beecdcff95bf09
SHA256: 30233df6215fb982d8784de91d307596748cea98d6d502293c7c3e85c1697137
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jaxb-api-2.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom developer name Martin Grebac Medium Vendor pom groupid javax.xml.bind Highest Vendor pom name JAXB API bundle for GlassFish V3 High Vendor pom organization name Oracle Corporation High Vendor pom organization url http://www.oracle.com/ Medium Vendor pom url https://jaxb.dev.java.net/ Highest Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest extension-name javax.xml.bind Medium Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-api Highest Product pom developer name Martin Grebac Low Product pom groupid javax.xml.bind Highest Product pom name JAXB API bundle for GlassFish V3 High Product pom organization name Oracle Corporation Low Product pom organization url http://www.oracle.com/ Low Product pom url https://jaxb.dev.java.net/ Medium Version file version 2.2.2 High Version Manifest specification-version 2.2.2 High Version pom version 2.2.2 Highest
jaxb-runtime-2.3.9.jarDescription:
JAXB (JSR 222) Reference Implementation License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/runner/.m2/repository/org/glassfish/jaxb/jaxb-runtime/2.3.9/jaxb-runtime-2.3.9.jar
MD5: 9383286160dde0e1a0fec25aee8a44ef
SHA1: 9d42b4f19df7e20b625b2044a7de81d95f6dff29
SHA256: ba88e5bde7c0d878c3e1f2ec2fcabaf51d201eaf93b3bb9cfecfc1f11b2304d4
Referenced In Projects/Scopes: shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-it:compile shardingsphere-test-util:compile shardingsphere-test-e2e-agent-plugins-logging:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins:compile shardingsphere-test-e2e-operation:compile shardingsphere-test-it-yaml:compile shardingsphere-test-fixture:compile shardingsphere-test-e2e-agent-plugins-tracing:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-e2e-env:compile shardingsphere-test:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-it-optimizer:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-test-native:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-it-rewriter:compile shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-agent-plugins-metrics:compile shardingsphere-test-e2e-pipeline:compile jaxb-runtime-2.3.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-database@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-rewriter@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-infra@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-operation@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-native@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jaxb-runtime High Vendor jar package name bind Highest Vendor jar package name com Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Vendor Manifest git-revision 143ffd0 Low Vendor Manifest implementation-build-id 2.3.9 - 143ffd0 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish.jaxb Medium Vendor Manifest multi-release true Low Vendor pom artifactid jaxb-runtime Highest Vendor pom artifactid jaxb-runtime Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Runtime High Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name jaxb-runtime High Product jar package name 9 Highest Product jar package name bind Highest Product jar package name com Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JAXB Runtime Medium Product Manifest bundle-symbolicname org.glassfish.jaxb.runtime Medium Product Manifest git-revision 143ffd0 Low Product Manifest implementation-build-id 2.3.9 - 143ffd0 Low Product Manifest Implementation-Title Jakarta XML Binding Implementation High Product Manifest multi-release true Low Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid jaxb-runtime Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Runtime High Product pom parent-artifactid jaxb-runtime-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 2.3.9 High Version Manifest build-id 2.3.9 Medium Version Manifest Bundle-Version 2.3.9 High Version Manifest implementation-build-id 2.3.9 Low Version Manifest Implementation-Version 2.3.9 High Version Manifest major-version 2.3.9 Medium Version pom version 2.3.9 Highest
jboss-connector-api_1.7_spec-1.0.0.Final.jarDescription:
JSR 322: Java(TM) EE Connector Architecture 1.7 API License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt File Path: /home/runner/.m2/repository/org/jboss/spec/javax/resource/jboss-connector-api_1.7_spec/1.0.0.Final/jboss-connector-api_1.7_spec-1.0.0.Final.jar
MD5: 44c426640dcc885a6c178cbd5e4fee11
SHA1: 2113100f3aac47f62a948e4a00a2ddfa6497fb62
SHA256: f50260de1712b7b3838e9733dab70ec3536486caeb196af702a554d2587f2a5e
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jboss-connector-api_1.7_spec-1.0.0.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jboss-connector-api_1.7_spec-1.0.0.Final High Vendor hint analyzer vendor redhat Highest Vendor jar package name connector Highest Vendor jar package name javax Highest Vendor jar package name resource Highest Vendor Manifest build-timestamp Wed, 9 Oct 2013 14:16:13 -0400 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.resource.jboss-connector-api_1.7_spec Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-connector-api_1.7_spec Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.resource Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid jboss-connector-api_1.7_spec Highest Vendor pom artifactid jboss-connector-api_1.7_spec Low Vendor pom groupid org.jboss.spec.javax.resource Highest Vendor pom name Java(TM) EE Connector Architecture 1.7 API High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Product file name jboss-connector-api_1.7_spec-1.0.0.Final High Product jar package name connector Highest Product jar package name javax Highest Product jar package name resource Highest Product Manifest build-timestamp Wed, 9 Oct 2013 14:16:13 -0400 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java(TM) EE Connector Architecture 1.7 API Medium Product Manifest bundle-symbolicname org.jboss.spec.javax.resource.jboss-connector-api_1.7_spec Medium Product Manifest Implementation-Title Java(TM) EE Connector Architecture 1.7 API High Product Manifest implementation-url http://www.jboss.org/jboss-connector-api_1.7_spec Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JSR 322: Java(TM) EE Connector Architecture Medium Product pom artifactid jboss-connector-api_1.7_spec Highest Product pom groupid org.jboss.spec.javax.resource Highest Product pom name Java(TM) EE Connector Architecture 1.7 API High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Version Manifest Bundle-Version 1.0.0.Final High Version Manifest Implementation-Version 1.0.0.Final High Version pom parent-version 1.0.0.Final Low Version pom version 1.0.0.Final Highest
jboss-logging-3.2.1.Final.jarDescription:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/jboss/logging/jboss-logging/3.2.1.Final/jboss-logging-3.2.1.Final.jar
MD5: 841756c617979782d7f4f708a04f05de
SHA1: fedf11b3d4665a434b554a5891fe7f208f029f45
SHA256: a3b0ffa8ae2b2f2387ebdfdce29086d3955d2a46ce7da802c2ba6ae47fa2f1bf
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jboss-logging-3.2.1.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest build-timestamp Tue, 20 Jan 2015 08:22:09 -0800 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Highest Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest build-timestamp Tue, 20 Jan 2015 08:22:09 -0800 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.2.1.Final High Version Manifest Implementation-Version 3.2.1.Final High Version pom parent-version 3.2.1.Final Low Version pom version 3.2.1.Final Highest
jboss-transaction-api_1.2_spec-1.0.0.Alpha3.jarDescription:
The Java Transaction 1.2 API classes License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt File Path: /home/runner/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.2_spec/1.0.0.Alpha3/jboss-transaction-api_1.2_spec-1.0.0.Alpha3.jar
MD5: b9f339eb4bbb033401cced9e66889fdf
SHA1: 4e2bde1ffb9578de679abaf0a9a5158a02f15fb4
SHA256: 06a2d5568c7b5c069a992756673fbc3490335926e06a33de44fe87e31e0ec1ac
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jboss-transaction-api_1.2_spec-1.0.0.Alpha3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final pkg:maven/org.jboss/jboss-transaction-spi@7.6.1.Final Evidence Type Source Name Value Confidence Vendor file name jboss-transaction-api_1.2_spec-1.0.0.Alpha3 High Vendor hint analyzer vendor redhat Highest Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest build-timestamp Sun, 26 May 2013 08:23:49 -0400 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.transaction Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor pom artifactid jboss-transaction-api_1.2_spec Highest Vendor pom artifactid jboss-transaction-api_1.2_spec Low Vendor pom groupid org.jboss.spec.javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Product file name jboss-transaction-api_1.2_spec-1.0.0.Alpha3 High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest build-timestamp Sun, 26 May 2013 08:23:49 -0400 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Transaction API Medium Product Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Product Manifest Implementation-Title Java Transaction API High Product Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JSR 907: Java Transaction API (JTA) Medium Product pom artifactid jboss-transaction-api_1.2_spec Highest Product pom groupid org.jboss.spec.javax.transaction Highest Product pom name Java Transaction API High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Version Manifest Bundle-Version 1.0.0.Alpha3 High Version Manifest Implementation-Version 1.0.0.Alpha3 High Version pom parent-version 1.0.0.Alpha3 Low Version pom version 1.0.0.Alpha3 Highest
jboss-transaction-spi-7.6.1.Final.jarDescription:
The Java Transaction SPI classes File Path: /home/runner/.m2/repository/org/jboss/jboss-transaction-spi/7.6.1.Final/jboss-transaction-spi-7.6.1.Final.jarMD5: cfd94cfa601498583a9dbb65d99a58c4SHA1: 0465cf6bebdcb268188f350d225d67201728d01fSHA256: d174f504599a628449a6501c178161b823eadd377ae2603215823097a7b1f21eReferenced In Projects/Scopes:
shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jboss-transaction-spi-7.6.1.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jboss-transaction-spi High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-transaction-spi Highest Vendor pom artifactid jboss-transaction-spi Low Vendor pom groupid org.jboss Highest Vendor pom name JBoss Transaction SPI High Vendor pom parent-artifactid jboss-transaction-spi-parent Low Vendor pom url http://www.jboss.org Highest Product file name jboss-transaction-spi High Product jar package name jboss Highest Product Manifest Implementation-Title JBoss Transaction SPI High Product Manifest implementation-url http://www.jboss.org Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JBoss Transaction SPI Medium Product pom artifactid jboss-transaction-spi Highest Product pom groupid org.jboss Highest Product pom name JBoss Transaction SPI High Product pom parent-artifactid jboss-transaction-spi-parent Medium Product pom url http://www.jboss.org Medium Version Manifest Implementation-Version 7.6.1.Final High Version pom version 7.6.1.Final Highest
jcl-over-slf4j-1.7.36.jar jcodings-1.0.18.jarDescription:
Byte based encoding support library for java
License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/jruby/jcodings/jcodings/1.0.18/jcodings-1.0.18.jar
MD5: e67656ce96abd4a1318e8a5ad31aff27
SHA1: e2c76a19f00128bb1806207e2989139bfb45f49d
SHA256: f085a8026f23b8a77dc95946b88f4e4439ed9f78d98b7ddea92ee9d339d6c647
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jcodings-1.0.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jcodings High Vendor jar package name encoding Highest Vendor jar package name jcodings Highest Vendor pom artifactid jcodings Highest Vendor pom artifactid jcodings Low Vendor pom developer email lopx@gazeta.pl Low Vendor pom developer id lopex Medium Vendor pom developer name Marcin Mielzynski Medium Vendor pom groupid org.jruby.jcodings Highest Vendor pom name JCodings High Product file name jcodings High Product jar package name encoding Highest Product jar package name jcodings Highest Product Manifest Implementation-Title JCodings (Byte based encoding support library for java) High Product pom artifactid jcodings Highest Product pom developer email lopx@gazeta.pl Low Product pom developer id lopex Low Product pom developer name Marcin Mielzynski Low Product pom groupid org.jruby.jcodings Highest Product pom name JCodings High Version file version 1.0.18 High Version pom version 1.0.18 Highest
jdo-api-3.0.1.jarDescription:
The Java Data Objects (JDO) API is a standard interface-based Java model abstraction of persistence, developed as Java Specification Request 243 under the auspices of the Java Community Process. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/javax/jdo/jdo-api/3.0.1/jdo-api-3.0.1.jar
MD5: 978ae9726514457b8cfe8a3ba1c17ca5
SHA1: 058e7a538e020b73871e232eeb064835fd98a492
SHA256: 2a2e63d44a4d7fe267650d08431218648adee14f725df3896d09db3084d7a2f2
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jdo-api-3.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jdo-api High Vendor jar package name javax Highest Vendor jar package name jdo Highest Vendor Manifest bundle-symbolicname javax.jdo Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor manifest: javax/jdo Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid jdo-api Highest Vendor pom artifactid jdo-api Low Vendor pom developer email brianm@apache.org Low Vendor pom developer email Craig.Russell@Sun.COM Low Vendor pom developer email erik@jpox.org Low Vendor pom developer email geirm@apache.org Low Vendor pom developer email martin.zaun@Sun.COM Low Vendor pom developer email matthew@matthewadams.me Low Vendor pom developer email mbo.tech@spree.de Low Vendor pom developer email Michelle.Caisse@Sun.COM Low Vendor pom developer email mwa.tech@spree.de Low Vendor pom developer id brazil Medium Vendor pom developer id brianm Medium Vendor pom developer id clr Medium Vendor pom developer id ebengtson Medium Vendor pom developer id geirm Medium Vendor pom developer id madams Medium Vendor pom developer id mbo Medium Vendor pom developer id mcaisse Medium Vendor pom developer id mzaun Medium Vendor pom developer name Brian McCallister Medium Vendor pom developer name Craig Russell Medium Vendor pom developer name Erik Bengtson Medium Vendor pom developer name Geir Magnusson, Jr. Medium Vendor pom developer name Martin Zaun Medium Vendor pom developer name Matthew Adams Medium Vendor pom developer name Michael Bouschen Medium Vendor pom developer name Michael Watzek Medium Vendor pom developer name Michelle Caisse Medium Vendor pom developer org Apache.org Medium Vendor pom developer org JPOX Medium Vendor pom developer org Sun Microsystems, Inc. Medium Vendor pom developer org Tech@Spree Engineering GmbH Medium Vendor pom groupid javax.jdo Highest Vendor pom name JDO API High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://www.apache.org Medium Vendor pom url http://db.apache.org/jdo Highest Product file name jdo-api High Product jar package name javax Highest Product jar package name jdo Highest Product Manifest Bundle-Name Java Data Objects Medium Product Manifest bundle-symbolicname javax.jdo Medium Product Manifest Implementation-Title javax.jdo High Product Manifest specification-title Java Data Objects Medium Product manifest: javax/jdo Implementation-Title javax.jdo Medium Product manifest: javax/jdo Specification-Title Java Data Objects (JDO) API Medium Product pom artifactid jdo-api Highest Product pom developer email brianm@apache.org Low Product pom developer email Craig.Russell@Sun.COM Low Product pom developer email erik@jpox.org Low Product pom developer email geirm@apache.org Low Product pom developer email martin.zaun@Sun.COM Low Product pom developer email matthew@matthewadams.me Low Product pom developer email mbo.tech@spree.de Low Product pom developer email Michelle.Caisse@Sun.COM Low Product pom developer email mwa.tech@spree.de Low Product pom developer id brazil Low Product pom developer id brianm Low Product pom developer id clr Low Product pom developer id ebengtson Low Product pom developer id geirm Low Product pom developer id madams Low Product pom developer id mbo Low Product pom developer id mcaisse Low Product pom developer id mzaun Low Product pom developer name Brian McCallister Low Product pom developer name Craig Russell Low Product pom developer name Erik Bengtson Low Product pom developer name Geir Magnusson, Jr. Low Product pom developer name Martin Zaun Low Product pom developer name Matthew Adams Low Product pom developer name Michael Bouschen Low Product pom developer name Michael Watzek Low Product pom developer name Michelle Caisse Low Product pom developer org Apache.org Low Product pom developer org JPOX Low Product pom developer org Sun Microsystems, Inc. Low Product pom developer org Tech@Spree Engineering GmbH Low Product pom groupid javax.jdo Highest Product pom name JDO API High Product pom organization name Apache Software Foundation Low Product pom organization url http://www.apache.org Low Product pom url http://db.apache.org/jdo Medium Version file version 3.0.1 High Version Manifest Bundle-Version 3.0.1 High Version Manifest Implementation-Version 3.0.1 High Version manifest: javax/jdo Implementation-Version 3.0.1 Medium Version pom version 3.0.1 Highest
jedis-4.4.6.jarDescription:
Jedis is a blazingly small and sane Redis java client. License:
MIT: http://github.com/redis/jedis/raw/master/LICENSE.txt File Path: /home/runner/.m2/repository/redis/clients/jedis/4.4.6/jedis-4.4.6.jar
MD5: b9a5c14de72096d2859ca111c744b73c
SHA1: cd8452cebda17bb445b9d666cd8cb741454348cd
SHA256: b387ccb0978ebce6196451887e960bda2c1804063e581737d2c4d91915c32ec7
Referenced In Project/Scope: shardingsphere-global-clock-tso-provider-redis:provided
jedis-4.4.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-tso-provider-redis@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jedis High Vendor jar package name clients Highest Vendor jar package name jedis Highest Vendor jar package name redis Highest Vendor Manifest automatic-module-name redis.clients.jedis Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname redis.clients.jedis Medium Vendor pom artifactid jedis Highest Vendor pom artifactid jedis Low Vendor pom groupid redis.clients Highest Vendor pom name Jedis High Vendor pom url redis/jedis Highest Product file name jedis High Product jar package name clients Highest Product jar package name jedis Highest Product jar package name redis Highest Product Manifest automatic-module-name redis.clients.jedis Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Jedis Medium Product Manifest bundle-symbolicname redis.clients.jedis Medium Product pom artifactid jedis Highest Product pom groupid redis.clients Highest Product pom name Jedis High Product pom url redis/jedis High Version file version 4.4.6 High Version Manifest Bundle-Version 4.4.6 High Version pom version 4.4.6 Highest
jersey-common-2.25.1.jarDescription:
Jersey core common packages License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/jersey/core/jersey-common/2.25.1/jersey-common-2.25.1.jar
MD5: d1f25f421cafb38efb49e2fef0799339
SHA1: 2438ce68d4907046095ab54aa83a6092951b4bbb
SHA256: 4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jersey-common-2.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jersey-common High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Vendor pom artifactid jersey-common Highest Vendor pom artifactid jersey-common Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-common High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-common High Product jar package name glassfish Highest Product jar package name jersey Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-core-common Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Product pom artifactid jersey-common Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-common High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.25.1 High Version Manifest Bundle-Version 2.25.1 High Version pom version 2.25.1 Highest
CVE-2021-28168 (OSSINDEX) suppress
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. CWE-378 Creation of Temporary File With Insecure Permissions
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.glassfish.jersey.core:jersey-common:2.25.1:*:*:*:*:*:*:* jersey-core-1.9.jarDescription:
Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311) production quality Reference Implementation for building RESTful Web services. License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/com/sun/jersey/jersey-core/1.9/jersey-core-1.9.jar
MD5: 73d196595f5e410a37c0a4337350ceb7
SHA1: 8341846f18187013bb9e27e46b7ee00a6395daf4
SHA256: 2c6d0ec88fc8c36cb41637d9c00d0698c22cb6b6a137fa526ef782e00d2265bc
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jersey-core-1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jersey-core High Vendor jar package name core Highest Vendor jar package name jersey Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname com.sun.jersey.jersey-core Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id com.sun.jersey Medium Vendor pom artifactid jersey-core Highest Vendor pom artifactid jersey-core Low Vendor pom groupid com.sun.jersey Highest Vendor pom name jersey-core High Vendor pom parent-artifactid jersey-project Low Product file name jersey-core High Product jar package name core Highest Product jar package name jersey Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-core Medium Product Manifest bundle-symbolicname com.sun.jersey.jersey-core Medium Product Manifest Implementation-Title jersey-core High Product pom artifactid jersey-core Highest Product pom groupid com.sun.jersey Highest Product pom name jersey-core High Product pom parent-artifactid jersey-project Medium Version file version 1.9 High Version Manifest Bundle-Version 1.9 High Version Manifest Implementation-Version 1.9 High Version pom version 1.9 Highest
CVE-2014-3643 (OSSINDEX) suppress
jersey: XXE via parameter entities not disabled by the jersey SAX parser CWE-611 Improper Restriction of XML External Entity Reference
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.sun.jersey:jersey-core:1.9:*:*:*:*:*:*:* jersey-server-1.9.jarDescription:
Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311) production quality Reference Implementation for building RESTful Web services. License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/com/sun/jersey/jersey-server/1.9/jersey-server-1.9.jar
MD5: 0c98f6cca5df8197b310a0d1d89bb34a
SHA1: 3a6ea7cc5e15c824953f9f3ece2201b634d90d18
SHA256: 3ded91b198077561bd51f6c0442c9cd70b754d8b31b61afaf448bda9d01848f0
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jersey-server-1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor jar package name jersey Highest Vendor jar package name server Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname com.sun.jersey.jersey-server Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id com.sun.jersey Medium Vendor pom artifactid jersey-server Highest Vendor pom artifactid jersey-server Low Vendor pom groupid com.sun.jersey Highest Vendor pom name jersey-server High Vendor pom parent-artifactid jersey-project Low Product file name jersey-server High Product jar package name jersey Highest Product jar package name server Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-server Medium Product Manifest bundle-symbolicname com.sun.jersey.jersey-server Medium Product Manifest Implementation-Title jersey-server High Product pom artifactid jersey-server Highest Product pom groupid com.sun.jersey Highest Product pom name jersey-server High Product pom parent-artifactid jersey-project Medium Version file version 1.9 High Version Manifest Bundle-Version 1.9 High Version Manifest Implementation-Version 1.9 High Version pom version 1.9 Highest
Related Dependencies jersey-client-1.9.jarFile Path: /home/runner/.m2/repository/com/sun/jersey/jersey-client/1.9/jersey-client-1.9.jar MD5: cdbba85f9cb7ce5e0ca51d610f0228e9 SHA1: d3c4b2b5f89db32c96ceddcb863684821910a7bb SHA256: 8ae03af0d06c46a51b65d123ec40f245da690991aa3669cef4767db8f36fbe68 pkg:maven/com.sun.jersey/jersey-client@1.9 jersey-guice-1.9.jarFile Path: /home/runner/.m2/repository/com/sun/jersey/contribs/jersey-guice/1.9/jersey-guice-1.9.jar MD5: a81140d246f420c1e2eabe649417c5b1 SHA1: 5963c28c47df7e5d6ad34cec80c071c368777f7b SHA256: 544fc92d2625332a9a8eeaa7a7274cf1af6703936a50afa80d92a78200a7de34 pkg:maven/com.sun.jersey.contribs/jersey-guice@1.9 jersey-server-2.25.1.jarDescription:
Jersey core server implementation License:
http://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/runner/.m2/repository/org/glassfish/jersey/core/jersey-server/2.25.1/jersey-server-2.25.1.jar
MD5: 92dad916eab7a19c5398838a78ee9cab
SHA1: 276e2ee0fd1cdabf99357fce560c5baab675b1a2
SHA256: 4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jersey-server-2.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor jar package name org Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor pom artifactid jersey-server Highest Vendor pom artifactid jersey-server Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-server High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-server High Product jar package name glassfish Highest Product jar package name jersey Highest Product jar package name org Highest Product jar package name server Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jersey-core-server Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product pom artifactid jersey-server Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-server High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.25.1 High Version Manifest Bundle-Version 2.25.1 High Version pom version 2.25.1 Highest
Related Dependencies jersey-client-2.25.1.jarFile Path: /home/runner/.m2/repository/org/glassfish/jersey/core/jersey-client/2.25.1/jersey-client-2.25.1.jar MD5: cbc88e55529984d664eb6ef1b65b3684 SHA1: 4d563b1f93352ee9fad597e9e1daf2c6159993c6 SHA256: 10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1 jersey-container-servlet-core-2.25.1.jar jersey-guava-2.25.1.jarFile Path: /home/runner/.m2/repository/org/glassfish/jersey/bundles/repackaged/jersey-guava/2.25.1/jersey-guava-2.25.1.jar MD5: 08dc8642c4e990b054882cb4f422f88b SHA1: a2bb4f8208e134cf2cf71dfb8824e42942f7bd06 SHA256: 8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81 pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1 jersey-media-jaxb-2.25.1.jarFile Path: /home/runner/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.25.1/jersey-media-jaxb-2.25.1.jar MD5: 43c2fe9a2848343cb562f855b06b7047 SHA1: 0d7da0beeed5614a3bfd882662faec602699e24b SHA256: 05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1 jetcd-core-0.7.7.jarDescription:
jetcd-core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/etcd/jetcd-core/0.7.7/jetcd-core-0.7.7.jar
MD5: 5b375c26de08ddbf644ed23c75653772
SHA1: 248af0e39b2f697edd36db5d16c375cd23740bb9
SHA256: 4e7b9f44e51ba6f8adb467a8bbc9e2a4ab508652d3f8c746701f63a290942d18
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jetcd-core-0.7.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jetcd-core High Vendor jar package name etcd Highest Vendor jar package name etcd Low Vendor jar package name io Highest Vendor jar package name io Low Vendor jar package name jetcd Highest Vendor jar package name jetcd Low Vendor pom artifactid jetcd-core Highest Vendor pom artifactid jetcd-core Low Vendor pom developer id lburgazzoli Medium Vendor pom developer name Anthony Romano Medium Vendor pom developer name Fanmin Shi Medium Vendor pom developer name Luca Burgazzoli Medium Vendor pom developer name Xiang Li Medium Vendor pom developer org CoreOS Medium Vendor pom developer org Red Hat Medium Vendor pom developer org URL http://coreos.com Medium Vendor pom developer org URL http://redhat.com Medium Vendor pom groupid io.etcd Highest Vendor pom name jetcd-core High Vendor pom url etcd-io/jetcd Highest Product file name jetcd-core High Product jar package name etcd Highest Product jar package name etcd Low Product jar package name io Highest Product jar package name jetcd Highest Product jar package name jetcd Low Product pom artifactid jetcd-core Highest Product pom developer id lburgazzoli Low Product pom developer name Anthony Romano Low Product pom developer name Fanmin Shi Low Product pom developer name Luca Burgazzoli Low Product pom developer name Xiang Li Low Product pom developer org CoreOS Low Product pom developer org Red Hat Low Product pom developer org URL http://coreos.com Low Product pom developer org URL http://redhat.com Low Product pom groupid io.etcd Highest Product pom name jetcd-core High Product pom url etcd-io/jetcd High Version file version 0.7.7 High Version pom version 0.7.7 Highest
Related Dependencies jetcd-api-0.7.7.jarFile Path: /home/runner/.m2/repository/io/etcd/jetcd-api/0.7.7/jetcd-api-0.7.7.jar MD5: e79b259822852d36e21c3d1b2caf0b06 SHA1: 93bbdfe6ab3f29af0b3a33fa32d58ba7d7c0070a SHA256: e6e57b9176a4ee4f2b495f0aafb9f73c3cb2c9a40cc5fb5aca4570e16f4ff931 pkg:maven/io.etcd/jetcd-api@0.7.7 jetcd-common-0.7.7.jarFile Path: /home/runner/.m2/repository/io/etcd/jetcd-common/0.7.7/jetcd-common-0.7.7.jar MD5: 89986d8d990242cd979b986ccaffb8e6 SHA1: a9aecaf46d2d202bab03d95e453eef8fa891cf0b SHA256: 3db56d0fdd51b5f5ed5c8aeda10b146c22beb470dab2afdaa9a064f67cb69092 pkg:maven/io.etcd/jetcd-common@0.7.7 CVE-2020-15113 suppress
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). CWE-281 Improper Preservation of Permissions
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-15106 suppress
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. CWE-20 Improper Input Validation, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-15112 suppress
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. CWE-129 Improper Validation of Array Index, CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-32082 suppress
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jetcd-grpc-0.7.7.jarDescription:
jetcd-grpc License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/etcd/jetcd-grpc/0.7.7/jetcd-grpc-0.7.7.jar
MD5: d50d8583e26bc2ce55b0966a0c774b73
SHA1: 0fa26f72729edb39b506efa96e119f953f59c5a3
SHA256: 4b6098f8e2c2fbfd6eadf45dc454113877a32091878c8a5602d53aaddcc20d0b
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jetcd-grpc-0.7.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jetcd-grpc High Vendor jar package name etcd Highest Vendor jar package name etcd Low Vendor jar package name io Highest Vendor jar package name io Low Vendor jar package name jetcd Highest Vendor jar package name jetcd Low Vendor pom artifactid jetcd-grpc Highest Vendor pom artifactid jetcd-grpc Low Vendor pom developer id lburgazzoli Medium Vendor pom developer name Anthony Romano Medium Vendor pom developer name Fanmin Shi Medium Vendor pom developer name Luca Burgazzoli Medium Vendor pom developer name Xiang Li Medium Vendor pom developer org CoreOS Medium Vendor pom developer org Red Hat Medium Vendor pom developer org URL http://coreos.com Medium Vendor pom developer org URL http://redhat.com Medium Vendor pom groupid io.etcd Highest Vendor pom name jetcd-grpc High Vendor pom url etcd-io/jetcd Highest Product file name jetcd-grpc High Product jar package name api Low Product jar package name etcd Highest Product jar package name etcd Low Product jar package name io Highest Product jar package name jetcd Highest Product jar package name jetcd Low Product pom artifactid jetcd-grpc Highest Product pom developer id lburgazzoli Low Product pom developer name Anthony Romano Low Product pom developer name Fanmin Shi Low Product pom developer name Luca Burgazzoli Low Product pom developer name Xiang Li Low Product pom developer org CoreOS Low Product pom developer org Red Hat Low Product pom developer org URL http://coreos.com Low Product pom developer org URL http://redhat.com Low Product pom groupid io.etcd Highest Product pom name jetcd-grpc High Product pom url etcd-io/jetcd High Version file version 0.7.7 High Version pom version 0.7.7 Highest
CVE-2017-7860 suppress
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-7861 suppress
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-8359 suppress
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-9431 suppress
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. CWE-787 Out-of-bounds Write
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2020-7768 suppress
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-33953 suppress
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/��Three vectors were found that allow the following DOS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0���s can be added at the start of an integer. gRPC���s hpack parser needed to read all of them before concluding a parse.
- gRPC���s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc��� CWE-789 Memory Allocation with Excessive Size Value, CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-15113 suppress
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). CWE-281 Improper Preservation of Permissions
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-15106 suppress
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. CWE-20 Improper Input Validation, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-15112 suppress
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. CWE-129 Improper Validation of Array Index, CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-32732 suppress
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in�� https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other, CWE-440 Expected Behavior Violation
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-32082 suppress
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jettison-1.1.jarDescription:
A StAX implementation for JSON. File Path: /home/runner/.m2/repository/org/codehaus/jettison/jettison/1.1/jettison-1.1.jarMD5: fc80e0aabd516c54739262c3d618303aSHA1: 1a01a2a1218fcf9faa2cc2a6ced025bdea687262SHA256: 377940288b0643c48780137f6f68578937e1ea5ca2b73830a820c50a7b7ed801Referenced In Project/Scope: shardingsphere-infra-database-hive:providedjettison-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jettison High Vendor jar package name codehaus Highest Vendor jar package name jettison Highest Vendor jar package name json Highest Vendor Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium Vendor pom artifactid jettison Highest Vendor pom artifactid jettison Low Vendor pom groupid org.codehaus.jettison Highest Vendor pom name Jettison High Product file name jettison High Product jar package name codehaus Highest Product jar package name jettison Highest Product jar package name json Highest Product Manifest Bundle-Name jettison Medium Product Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium Product Manifest Implementation-Title Jettison High Product pom artifactid jettison Highest Product pom groupid org.codehaus.jettison Highest Product pom name Jettison High Version file version 1.1 High Version Manifest Bundle-Version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
CVE-2022-40149 suppress
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-40150 suppress
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. CWE-400 Uncontrolled Resource Consumption, CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-45685 suppress
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-45693 suppress
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-1436 suppress
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
jetty-6.1.26.jarDescription:
Jetty server core License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/mortbay/jetty/jetty/6.1.26/jetty-6.1.26.jar
MD5: 12b65438bbaf225102d0396c21236052
SHA1: 2f546e289fddd5b1fab1d4199fbb6e9ef43ee4b0
SHA256: 21091d3a9c1349f640fdc421504a604c040ed89087ecc12afbe32353326ed4e5
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jetty-6.1.26.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jetty High Vendor jar package name jetty Highest Vendor jar package name mortbay Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://jetty.mortbay.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname org.mortbay.jetty.server Medium Vendor Manifest mode development Low Vendor Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Vendor Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Vendor pom artifactid jetty Highest Vendor pom artifactid jetty Low Vendor pom groupid org.mortbay.jetty Highest Vendor pom name Jetty Server High Vendor pom parent-artifactid project Low Product file name jetty High Product jar package name jetty Highest Product jar package name mortbay Highest Product jar package name server Highest Product Manifest bundle-docurl http://jetty.mortbay.org Low Product Manifest Bundle-Name Jetty Server Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname org.mortbay.jetty.server Medium Product Manifest mode development Low Product Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Product Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Product pom artifactid jetty Highest Product pom groupid org.mortbay.jetty Highest Product pom name Jetty Server High Product pom parent-artifactid project Medium Version file version 6.1.26 High Version Manifest Bundle-Version 6.1.26 High Version Manifest implementation-version 6.1.26 High Version pom version 6.1.26 Highest
Related Dependencies jetty-util-6.1.26.jarFile Path: /home/runner/.m2/repository/org/mortbay/jetty/jetty-util/6.1.26/jetty-util-6.1.26.jar MD5: 450fedce4f7f8ad3761577b10a664200 SHA1: e5642fe0399814e1687d55a3862aa5a3417226a9 SHA256: 9b974ce2b99f48254b76126337dc45b21226f383aaed616f59780adaf167c047 pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 CVE-2011-4461 suppress
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2009-1523 suppress
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
jetty-io-9.3.20.v20170531.jarDescription:
Jetty module for Jetty :: IO Utility License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-io/9.3.20.v20170531/jetty-io-9.3.20.v20170531.jar
MD5: b295516e5fed7cc46742a96200bf288c
SHA1: 5b68e7761fcacefcf26ad9ab50943db65fda2c3d
SHA256: 3d85cc7c8b85f6ab251d0552b0df83c024bd191a48513a6e8c490ab78b8076aa
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jetty-io-9.3.20.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jetty-io High Vendor jar package name eclipse Highest Vendor jar package name io Highest Vendor jar package name jetty Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid jetty-io Highest Vendor pom artifactid jetty-io Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: IO Utility High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://www.eclipse.org/jetty Highest Product file name jetty-io High Product jar package name eclipse Highest Product jar package name io Highest Product jar package name jetty Highest Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Jetty :: IO Utility Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid jetty-io Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: IO Utility High Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version file version 9.3.20.v20170531 High Version Manifest Bundle-Version 9.3.20.v20170531 High Version Manifest Implementation-Version 9.3.20.v20170531 High Version pom version 9.3.20.v20170531 Highest
Related Dependencies jetty-annotations-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-annotations/9.3.20.v20170531/jetty-annotations-9.3.20.v20170531.jar MD5: 689aa771a8c76364305ba6ceb292b079 SHA1: 53876fc19d12a81ef3b362ff22f666dfa81f22e3 SHA256: 309cdd565968b21982706ddb28ced07de5042d9beea32740d1ad885ffb079e62 pkg:maven/org.eclipse.jetty/jetty-annotations@9.3.20.v20170531 jetty-jaas-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-jaas/9.3.20.v20170531/jetty-jaas-9.3.20.v20170531.jar MD5: 8a78eef1cf9273c36f61e67019c43bfc SHA1: 396d07c275b7c1e138fd50e8fa71a6f4c7832a96 SHA256: 1769c655a9850a503d8c7b43af87fcf3c4de681a951a99fce8e33dba67b05931 pkg:maven/org.eclipse.jetty/jetty-jaas@9.3.20.v20170531 jetty-jndi-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-jndi/9.3.20.v20170531/jetty-jndi-9.3.20.v20170531.jar MD5: 38e9a5c93ad31b49b139e1172b1ce8bd SHA1: 0c1e7dbf96d6fc49c5c02db28c6e7924e0e64378 SHA256: e7143cf140858d3a384c0918a814dea43b13ecaf8cc03fb8bfd255931bfb3aff pkg:maven/org.eclipse.jetty/jetty-jndi@9.3.20.v20170531 jetty-plus-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-plus/9.3.20.v20170531/jetty-plus-9.3.20.v20170531.jar MD5: d5992fdc052133da91cda93487bd36b4 SHA1: 986daac14b43331c0e93f115797849883f12a584 SHA256: 4fdb31d99f72556468d18ff7baf7f268a67a0770bec67f87c474d87856e31f35 pkg:maven/org.eclipse.jetty/jetty-plus@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar MD5: 820df8c6aa310986a96c6f883cf14e91 SHA1: 56d1d067b4e42a6c603ece754534f9a65211924a SHA256: d7baeb1ba3c75db62401fb629015d69024bbb11083c7b3e89cb94ce516df01c9 pkg:maven/org.eclipse.jetty/jetty-runner@9.3.20.v20170531 jetty-security-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-security/9.3.20.v20170531/jetty-security-9.3.20.v20170531.jar MD5: 71ce7271d5f56f87302f4c56a9cd82b1 SHA1: 9e2ded957c05f447a0611fa64ca4ab5f7cc5aa65 SHA256: ef370740c45137aa3e6b6217dc03358d16566e5e6c00b0e1cb3ad777491846c3 pkg:maven/org.eclipse.jetty/jetty-security@9.3.20.v20170531 CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-server:9.3.20.v20170531)Description:
The core jetty server artifact. File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xmlMD5: 3f61936bbbcf772b00a4e294151aeb34SHA1: fe2ce3acefe092a841f3afdc3911eb90c130a8e4SHA256: 6d540e00864d3b8c289829676493dc3378a9de864508e1d44f00a930d5ce8d31Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid jetty-server Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Server Core High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://www.eclipse.org/jetty Highest Product pom artifactid jetty-server Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Server Core High Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version pom version 9.3.20.v20170531 Highest
Related Dependencies jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty.websocket:websocket-client:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty.websocket/websocket-client/pom.xml MD5: 3e591e4f4bedb7bcb74bad3cd7d5d126 SHA1: 277b4085c4cfef8cb3493b5b5b68378697629999 SHA256: b8cffcf72efe4b3bcab5f46dd7f017af588d961d781606a418f52396feb2b626 pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty.websocket:websocket-common:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty.websocket/websocket-common/pom.xml MD5: ddda715018900058cc8f7a5fc18bdc39 SHA1: 5eb1ee77e8495de4ae316e97ddf4df2041ee9450 SHA256: d6d84358e879a9c447eb3e377219d11da07f5029eb3d3fcaea303fe98b60f0e0 pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty.websocket:websocket-server:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty.websocket/websocket-server/pom.xml MD5: 3fb29fb0e9c3550ba06108b7f06e776d SHA1: 17ad4f79f3b107108e5ffac700a7fd7b1eb841aa SHA256: d89c6327a0c573d4c79b5eae7adea236c43bca0e626155c5988a951b2847b3de pkg:maven/org.eclipse.jetty.websocket/websocket-server@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty.websocket:websocket-servlet:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty.websocket/websocket-servlet/pom.xml MD5: 851975d02855837e172daa6c22464dc2 SHA1: ec9839188382eed5f6023fe6f6a29174fc051769 SHA256: 00bf65a47421345e8d99c5ff37eca532bf08a56631a7bb2706a93a692c0a4d2d pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:apache-jsp:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/apache-jsp/pom.xml MD5: 844200fae371fc1b2d67be3bf32411e3 SHA1: 6abb9ac35d65432a4d5a83e5df06a02967e89fbc SHA256: b7969076fe22fd998d43f4313576d8e5beb27989c4c5dedd7a077c59ad866908 pkg:maven/org.eclipse.jetty/apache-jsp@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-annotations:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-annotations/pom.xml MD5: 17c4f2ea833c495d1d33402b92f01b11 SHA1: c024a6ba60541b8ffd886de4855ffde3944bb848 SHA256: 78aae1efda7c002704801ffc67245156b8a4006c83d444e4cefdfcdf4a45387a pkg:maven/org.eclipse.jetty/jetty-annotations@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-http:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml MD5: 1cee98ac1304074e5772c24d06c0c67b SHA1: a84f1a5d2c0e0283c61eb6da8e4dde2385711fcf SHA256: 5fb78555d5b1435094ed82f199fa4edfb938de37f2671fd8bb5e25d5ab559eb2 pkg:maven/org.eclipse.jetty/jetty-http@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-io:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml MD5: 29fa7d7ac496a2402edd0e5c6b2497ab SHA1: b31b03cb2709f241d039798bb5bdd573592efc03 SHA256: 326b2035db6be8a2bdb1c00324a04ea2141130b91263e0b6687ec5d431b72ae7 pkg:maven/org.eclipse.jetty/jetty-io@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-jaas:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-jaas/pom.xml MD5: df453065e0c0d0a4ca6e99098ba3d3a2 SHA1: bec0e9395d60bf781ada0decf9bc628e8dec714e SHA256: 8623cbca5586b6093b0e9c017c0d31a1213e94569111a25da09f42c82def7ed1 pkg:maven/org.eclipse.jetty/jetty-jaas@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-jndi:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-jndi/pom.xml MD5: 2dc65ca82b2cc00b25915376fe4840d7 SHA1: 33079272c701259eb0f3402323d0316e83b8f964 SHA256: 74e39e5012f148b752b675ad18f31d798822b0c9b51a9b4c558d52d5bafb74ed pkg:maven/org.eclipse.jetty/jetty-jndi@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-plus:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-plus/pom.xml MD5: 501d37406fb4444b78e1945612606185 SHA1: c5315dd6623486dbf83812026e9f666d80df744c SHA256: 55b27362a61e34ac6611d32a0b947b7df8e2b3e6a2630925602e9e339bc759eb pkg:maven/org.eclipse.jetty/jetty-plus@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-security:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml MD5: a7ddd1a08a6e9126a7ebb50175a95265 SHA1: ddccf125683855e874fd7dcd859d0b163036ed1f SHA256: 7db5391f6462c29c7a3942b25deedf52b053e405ba9634fc4628a4b6b6b0deb6 pkg:maven/org.eclipse.jetty/jetty-security@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-servlet:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml MD5: c0d91c889839a4cd3e200891733a222b SHA1: b901ccbc6ff7ec8eaa3b2d4d71f69b3680ea4c48 SHA256: 772693fd61fcc7625c62d9201a419dbced8358dd3cb6881c309602b3cd14f302 pkg:maven/org.eclipse.jetty/jetty-servlet@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-webapp:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-webapp/pom.xml MD5: 4a513ec25b5150fc03fb6dfddf8863f2 SHA1: d984ca680407ccbd4ec228fe4a9ad96a0f6310ad SHA256: 80c59591b42609d4bee8ea69ef2925c20ccb76668632f3f93c7c9ca259bdd83c pkg:maven/org.eclipse.jetty/jetty-webapp@9.3.20.v20170531 jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-xml:9.3.20.v20170531)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-xml/pom.xml MD5: 7b8844df17261ed098e7372efbbef7c2 SHA1: 3689fa570431ad881c53d2c183755c5919e2784f SHA256: 6c36b90bbbff280f52d442fbda6b3f33210b3f756186335685b3b6f226c03f08 pkg:maven/org.eclipse.jetty/jetty-xml@9.3.20.v20170531 CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
OSSINDEX - [CVE-2020-27216] CWE-378: Creation of Temporary File With Insecure Permissions OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27216 OSSIndex - https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 OSSIndex - https://github.com/eclipse/jetty.project/issues/5451 OSSIndex - https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jetty-runner-9.3.20.v20170531.jar (shaded: org.eclipse.jetty:jetty-util:9.3.20.v20170531)Description:
Utility classes for Jetty File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xmlMD5: d2278c8c65e44c93522eb8e688ab452bSHA1: e618a6cb5c2933c6dbf9d8acd48654a4eaaf34deSHA256: f0cb48f4d6c596e3c6d772e7ade2c3b3a1cd592b8ae94911531c4aaf887674feReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid jetty-util Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Utilities High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://www.eclipse.org/jetty Highest Product pom artifactid jetty-util Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Utilities High Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version pom version 9.3.20.v20170531 Highest
CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
OSSINDEX - [CVE-2020-27216] CWE-378: Creation of Temporary File With Insecure Permissions OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27216 OSSIndex - https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 OSSIndex - https://github.com/eclipse/jetty.project/issues/5451 OSSIndex - https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10246 (OSSINDEX) suppress
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.eclipse.jetty:jetty-util:9.3.20.v20170531:*:*:*:*:*:*:* CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jetty-runner-9.3.20.v20170531.jar (shaded: org.mortbay.jasper:apache-jsp:8.0.33)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.mortbay.jasper/apache-jsp/pom.xmlMD5: 5420ee1f4edb3c887b0dfe00a2da9c4eSHA1: eed89be5930837ecab794e0b7dd743af9105c4cbSHA256: 9f6264036660ff19c5f09b6a13c699427825640d51e4d47724c248378a36aff5Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid apache-jsp Low Vendor pom groupid org.mortbay.jasper Highest Vendor pom name MortBay :: Apache Jasper :: JSP Implementation High Vendor pom parent-artifactid jasper-jsp Low Product pom artifactid apache-jsp Highest Product pom groupid org.mortbay.jasper Highest Product pom name MortBay :: Apache Jasper :: JSP Implementation High Product pom parent-artifactid jasper-jsp Medium Version pom version 8.0.33 Highest
jetty-schemas-3.1.jarDescription:
Administrative parent pom for Jetty modules License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/toolchain/jetty-schemas/3.1/jetty-schemas-3.1.jar
MD5: 72724fe34a75d0f4ab21a3869734faee
SHA1: 98bb827bdf254fd353bab0c53324c0848076b42c
SHA256: b58ddbe2025d80ada24409ae6e66fb2e56226538fa847d59c5df0ca7432b554e
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jetty-schemas-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jetty-schemas High Vendor Manifest bundle-docurl http://www.mortbay.com Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.schemas;singleton:=true Medium Vendor pom artifactid jetty-schemas Highest Vendor pom artifactid jetty-schemas Low Vendor pom groupid org.eclipse.jetty.toolchain Highest Vendor pom name Jetty :: Schemas High Vendor pom parent-artifactid jetty-toolchain Low Product file name jetty-schemas High Product Manifest bundle-docurl http://www.mortbay.com Low Product Manifest Bundle-Name Jetty Servlet Schemas Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.eclipse.jetty.schemas;singleton:=true Medium Product pom artifactid jetty-schemas Highest Product pom groupid org.eclipse.jetty.toolchain Highest Product pom name Jetty :: Schemas High Product pom parent-artifactid jetty-toolchain Medium Version file version 3.1 High Version pom parent-version 3.1 Low Version pom version 3.1 Highest
jetty-util-ajax-9.4.6.v20170531.jarDescription:
JSON/Ajax Utility classes for Jetty License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-util-ajax/9.4.6.v20170531/jetty-util-ajax-9.4.6.v20170531.jar
MD5: 49efc2efa2e69b7ce3d009f976dd394e
SHA1: c74ca3f778212513004800537d78ec618390329b
SHA256: cdaffca1309431a4d3ef8b801763641c1f1420dbbaf06bccd5ff361111e377fe
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jetty-util-ajax-9.4.6.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jetty-util-ajax High Vendor jar package name ajax Highest Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name util Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.util.ajax Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid jetty-util-ajax Highest Vendor pom artifactid jetty-util-ajax Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Utilities :: Ajax(JSON) High Vendor pom parent-artifactid jetty-project Low Vendor pom url http://www.eclipse.org/jetty Highest Product file name jetty-util-ajax High Product jar package name ajax Highest Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name util Highest Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Jetty :: Utilities :: Ajax(JSON) Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.util.ajax Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid jetty-util-ajax Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Utilities :: Ajax(JSON) High Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version file version 9.4.6.v20170531 High Version Manifest Bundle-Version 9.4.6.v20170531 High Version Manifest Implementation-Version 9.4.6.v20170531 High Version pom version 9.4.6.v20170531 Highest
CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12538 suppress
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length, CWE-384 Session Fixation
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-27223 suppress
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of ���quality��� (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. CWE-400 Uncontrolled Resource Consumption, CWE-407 Inefficient Algorithmic Complexity
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-27218 suppress
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. CWE-226 Sensitive Information in Resource Not Removed Before Reuse, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
joda-time-2.9.9.jarDescription:
Date and time library to replace JDK date handling License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9.jar
MD5: eca438c8cc2b1de38e28d884b7f15dbc
SHA1: f7b520c458572890807d143670c9b24f4de90897
SHA256: b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
joda-time-2.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name joda-time High Vendor jar package name joda Highest Vendor jar package name time Highest Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor Manifest bundle-symbolicname joda-time Medium Vendor Manifest extension-name joda-time Medium Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Vendor Manifest Implementation-Vendor Joda.org High Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor Manifest specification-vendor Joda.org Low Vendor pom artifactid joda-time Highest Vendor pom artifactid joda-time Low Vendor pom developer id broneill Medium Vendor pom developer id jodastephen Medium Vendor pom developer name Brian S O'Neill Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid joda-time Highest Vendor pom name Joda-Time High Vendor pom organization name Joda.org High Vendor pom organization url http://www.joda.org Medium Vendor pom url http://www.joda.org/joda-time/ Highest Product file name joda-time High Product jar package name joda Highest Product jar package name time Highest Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product Manifest Bundle-Name Joda-Time Medium Product Manifest bundle-symbolicname joda-time Medium Product Manifest extension-name joda-time Medium Product Manifest Implementation-Title org.joda.time High Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product Manifest specification-title Joda-Time Medium Product pom artifactid joda-time Highest Product pom developer id broneill Low Product pom developer id jodastephen Low Product pom developer name Brian S O'Neill Low Product pom developer name Stephen Colebourne Low Product pom groupid joda-time Highest Product pom name Joda-Time High Product pom organization name Joda.org Low Product pom organization url http://www.joda.org Low Product pom url http://www.joda.org/joda-time/ Medium Version file version 2.9.9 High Version Manifest Bundle-Version 2.9.9 High Version Manifest Implementation-Version 2.9.9 High Version pom version 2.9.9 Highest
jpam-1.1.jarDescription:
Jpam is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Linux, Solaris, HP-UX, Mac OS X and other Unix systems.
License:
The Apache Software License, Version 2.0: http://jpam.sourceforge.net/LICENSE.txt File Path: /home/runner/.m2/repository/net/sf/jpam/jpam/1.1/jpam-1.1.jar
MD5: f0459c2d72cc35f947bac690729a32a2
SHA1: cb3d91c2dfda767518a371dbb02edfd6a4aa0600
SHA256: 3db38287ef038b01b7e73f2c62c3e7107af24a6b0cf95fda904b4330edcf8b28
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
jpam-1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name jpam High Vendor jar package name jpam Highest Vendor jar package name jpam Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name sf Highest Vendor jar package name sf Low Vendor pom artifactid jpam Highest Vendor pom artifactid jpam Low Vendor pom developer email gregluck at users.sourceforge.net Low Vendor pom developer id gregluck Medium Vendor pom developer name Greg Luck Medium Vendor pom groupid net.sf.jpam Highest Vendor pom name JPam High Vendor pom url http://jpam.sf.net Highest Product file name jpam High Product jar package name jpam Highest Product jar package name jpam Low Product jar package name net Highest Product jar package name sf Highest Product jar package name sf Low Product pom artifactid jpam Highest Product pom developer email gregluck at users.sourceforge.net Low Product pom developer id gregluck Low Product pom developer name Greg Luck Low Product pom groupid net.sf.jpam Highest Product pom name JPam High Product pom url http://jpam.sf.net Medium Version file version 1.1 High Version pom version 1.1 Highest
json-1.8.jarDescription:
A clean-room Apache-licensed implementation of simple JSON processing License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/tdunning/json/1.8/json-1.8.jar
MD5: a89b66cf37063d0ee4f401193eb0ca2d
SHA1: fa57d5adf557b226738cd42e6c093dd0a76c5fd4
SHA256: e0b487de3ccd3d1c288976677835e49880799c35507059039a18fa4ae1e7c59a
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
json-1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name json High Vendor jar package name json Highest Vendor jar package name json Low Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email ted.dunning@gmail.com Low Vendor pom developer id tdunning Medium Vendor pom developer name Ted Medium Vendor pom groupid com.tdunning Highest Vendor pom name Open JSON High Vendor pom url tdunning/open-json Highest Product file name json High Product jar package name json Highest Product pom artifactid json Highest Product pom developer email ted.dunning@gmail.com Low Product pom developer id tdunning Low Product pom developer name Ted Low Product pom groupid com.tdunning Highest Product pom name Open JSON High Product pom url tdunning/open-json High Version file version 1.8 High Version pom version 1.8 Highest
json-20231013.jarDescription:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There are a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE File Path: /home/runner/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256: 0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: shardingsphere-global-clock-tso-provider-redis:provided
json-20231013.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/redis.clients/jedis@4.4.6
Evidence Type Source Name Value Confidence Vendor file name json-20231013 High Vendor jar package name cdl Highest Vendor jar package name http Highest Vendor jar package name json Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.json Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname json Medium Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email douglas@crockford.com Low Vendor pom developer name Douglas Crockford Medium Vendor pom groupid org.json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Product file name json-20231013 High Product jar package name cdl Highest Product jar package name http Highest Product jar package name json Highest Product jar package name xml Highest Product Manifest automatic-module-name org.json Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name JSON in Java Medium Product Manifest bundle-symbolicname json Medium Product pom artifactid json Highest Product pom developer email douglas@crockford.com Low Product pom developer name Douglas Crockford Low Product pom groupid org.json Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Version file version 20231013 Medium Version pom version 20231013 Highest
json-path-2.9.0.jar json-simple-1.1.1.jar json-smart-2.4.10.jarDescription:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/minidev/json-smart/2.4.10/json-smart-2.4.10.jar
MD5: 36e22527b5f44ea6f0ff3086608cbf38
SHA1: 91cb329e9424bf32131eeb1ce2d17bf31b9899bc
SHA256: 70cab5e9488630dc631b1fc6e7fa550d95cddd19ba14db39ceca7cabfbd4e5ae
Referenced In Projects/Scopes: shardingsphere-proxy-frontend-mysql:runtime shardingsphere-proxy-frontend-postgresql:runtime shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-agent-tracing-core:provided shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-postgresql:runtime shardingsphere-sql-federation-core:runtime shardingsphere-test-e2e-transaction:runtime shardingsphere-agent-plugin-core:provided shardingsphere-proxy-backend-opengauss:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-hbase:runtime shardingsphere-test-util:runtime shardingsphere-test-it-parser:runtime shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-spi:runtime shardingsphere-test-e2e-showprocesslist:runtime shardingsphere-test-e2e-agent-jdbc-project:runtime shardingsphere-agent-tracing-type:provided shardingsphere-data-pipeline-cdc-core:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-sql-federation-executor:runtime shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-core:runtime shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-distribution:runtime shardingsphere-agent-logging-type:provided shardingsphere-test-e2e-pipeline:runtime shardingsphere-test-it-pipeline:runtime shardingsphere-data-pipeline-scenario-migration:runtime shardingsphere-jdbc:runtime shardingsphere-sql-federation-distsql-handler:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-data-pipeline-opengauss:runtime shardingsphere-data-pipeline-distsql-handler:runtime shardingsphere-jdbc-distribution:runtime shardingsphere-test-it-optimizer:runtime shardingsphere-test-e2e-sql:runtime shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-env:runtime shardingsphere-proxy-backend-mysql:runtime shardingsphere-data-pipeline-scenario-consistencycheck:runtime shardingsphere-sql-federation-optimizer:runtime shardingsphere-proxy-backend-core:runtime shardingsphere-test-e2e-driver:runtime shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-bootstrap:runtime shardingsphere-proxy-frontend-opengauss:runtime shardingsphere-proxy-backend-postgresql:runtime shardingsphere-agent-plugin-metrics:provided shardingsphere-test-e2e-agent-plugins-common:runtime json-smart-2.4.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/com.jayway.jsonpath/json-path@2.9.0 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/com.jayway.jsonpath/json-path@2.9.0 pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name json-smart High Vendor jar package name json Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor jar package name parser Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.json-smart Medium Vendor pom artifactid json-smart Highest Vendor pom artifactid json-smart Low Vendor pom developer email adoneitan@gmail.com Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id erav Medium Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Eitan Raviv Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name JSON Small and Fast Parser High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name json-smart High Product jar package name json Highest Product jar package name minidev Highest Product jar package name net Highest Product jar package name parser Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name json-smart Medium Product Manifest bundle-symbolicname net.minidev.json-smart Medium Product pom artifactid json-smart Highest Product pom developer email adoneitan@gmail.com Low Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id erav Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Eitan Raviv Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name JSON Small and Fast Parser High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.10 High Version Manifest Bundle-Version 2.4.10 High Version pom version 2.4.10 Highest
jsr305-3.0.2.jar jta-1.1.jarDescription:
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/runner/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jarMD5: 82a10ce714f411b28f13850059de09eeSHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558SHA256: b8ec163b4a47bad16f9a0b7d03c3210c6b0a29216d768031073ac20817c0ba50Referenced In Project/Scope: shardingsphere-infra-database-hive:providedjta-1.1.jar is in the transitive dependency tree of the listed items. Included by:
pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.hive/hive-jdbc@3.1.3 Evidence Type Source Name Value Confidence Vendor file name jta High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest extension-name javax.transaction Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jta Highest Vendor pom artifactid jta Low Vendor pom groupid javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom url http://java.sun.com/products/jta Highest Product file name jta High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest extension-name javax.transaction Medium Product Manifest specification-title Java Transaction API Specification Medium Product pom artifactid jta Highest Product pom groupid javax.transaction Highest Product pom name Java Transaction API High Product pom url http://java.sun.com/products/jta Medium Version file version 1.1 High Version Manifest specification-version 1.1 High Version pom version 1.1 Highest
Related Dependencies transaction-api-1.1.jarFile Path: /home/runner/.m2/repository/javax/transaction/transaction-api/1.1/transaction-api-1.1.jar MD5: 82a10ce714f411b28f13850059de09ee SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558 SHA256: b8ec163b4a47bad16f9a0b7d03c3210c6b0a29216d768031073ac20817c0ba50 pkg:maven/javax.transaction/transaction-api@1.1 jta-5.12.7.Final.jarDescription:
Narayana: ArjunaJTA jta File Path: /home/runner/.m2/repository/org/jboss/narayana/jta/jta/5.12.7.Final/jta-5.12.7.Final.jarMD5: 4570c0e0510f471457a179fe96abe9bfSHA1: 9eacf117643cac647f7f849efc6e8deea3cfe2f0SHA256: de58da3aea4ab03f386f8642dec716ce888a3b3e92c423137af25cfc161c542bReferenced In Projects/Scopes:
shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile jta-5.12.7.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jta High Vendor jar package name jta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest implementation-url http://www.jboss.org/ Low Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High Vendor Manifest Implementation-Vendor-Id http://www.jboss.org/ Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jta Highest Vendor pom artifactid jta Low Vendor pom groupid org.jboss.narayana.jta Highest Vendor pom name Narayana: ArjunaJTA jta High Vendor pom parent-artifactid narayana-jta-all Low Product file name jta High Product jar package name jta Highest Product Manifest build-jdk-spec 11 Low Product Manifest Implementation-Title Narayana: ArjunaJTA jta High Product Manifest implementation-url http://www.jboss.org/ Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Narayana: ArjunaJTA jta Medium Product pom artifactid jta Highest Product pom groupid org.jboss.narayana.jta Highest Product pom name Narayana: ArjunaJTA jta High Product pom parent-artifactid narayana-jta-all Medium Version Manifest Implementation-Version 5.12.7.Final High Version pom version 5.12.7.Final Highest
jts-core-1.19.0.jar jts-io-common-1.19.0.jar jul-to-slf4j-1.7.36.jar junit-jupiter-api-5.10.2.jarDescription:
Module "junit-jupiter-api" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/runner/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.10.2/junit-jupiter-api-5.10.2.jar
MD5: 6e691e23a36de8cbda5cbcc9f31461e3
SHA1: fb55d6e2bce173f35fd28422e7975539621055ef
SHA256: afff77c186cd317275803872fa5133aa801fd6ac40bd91c78a6cf8009b4b17cc
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile shardingsphere-test-it-yaml:compile junit-jupiter-api-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-api High Vendor jar package name api Highest Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-jupiter-api Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-jupiter-api Highest Vendor pom artifactid junit-jupiter-api Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom name JUnit Jupiter API High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-jupiter-api High Product jar package name api Highest Product jar package name junit Highest Product jar package name jupiter Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Jupiter API Medium Product Manifest bundle-symbolicname junit-jupiter-api Medium Product Manifest Implementation-Title junit-jupiter-api High Product Manifest specification-title junit-jupiter-api Medium Product pom artifactid junit-jupiter-api Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.jupiter Highest Product pom name JUnit Jupiter API High Product pom url https://junit.org/junit5/ Medium Version file version 5.10.2 High Version Manifest Bundle-Version 5.10.2 High Version Manifest Implementation-Version 5.10.2 High Version pom version 5.10.2 Highest
junit-jupiter-engine-5.10.2.jarDescription:
Module "junit-jupiter-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/runner/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.10.2/junit-jupiter-engine-5.10.2.jar
MD5: 830301d576c574fbf82320f93f8abacd
SHA1: f1f8fe97bd58e85569205f071274d459c2c4f8cd
SHA256: b6df35da750a546ae932376f11b3c0df841f0c90c7cb2944cd39adb432886e4b
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile shardingsphere-test-it-yaml:compile junit-jupiter-engine-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-yaml@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-engine High Vendor jar package name engine Highest Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-jupiter-engine Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest provide-capability org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.10.2" Low Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-jupiter-engine Highest Vendor pom artifactid junit-jupiter-engine Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom name JUnit Jupiter Engine High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-jupiter-engine High Product jar package name engine Highest Product jar package name junit Highest Product jar package name jupiter Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Jupiter Engine Medium Product Manifest bundle-symbolicname junit-jupiter-engine Medium Product Manifest Implementation-Title junit-jupiter-engine High Product Manifest provide-capability org.junit.platform.engine;org.junit.platform.engine=junit-jupiter;version:Version="5.10.2" Low Product Manifest specification-title junit-jupiter-engine Medium Product pom artifactid junit-jupiter-engine Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.jupiter Highest Product pom name JUnit Jupiter Engine High Product pom url https://junit.org/junit5/ Medium Version file version 5.10.2 High Version Manifest Bundle-Version 5.10.2 High Version Manifest Implementation-Version 5.10.2 High Version pom version 5.10.2 Highest
junit-jupiter-params-5.10.2.jarDescription:
Module "junit-jupiter-params" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/runner/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.10.2/junit-jupiter-params-5.10.2.jar
MD5: 2f33df4bff7fbfb15352803fa575b88d
SHA1: 359132c82a9d3fa87a325db6edd33b5fdc67a3d8
SHA256: edb1e43ff0b8067626ffb55e5e9eeca1d9ab2478141a7c7f253d115b29cc7cf2
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile junit-jupiter-params-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name junit-jupiter-params High Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor jar package name params Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-jupiter-params Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-jupiter-params Highest Vendor pom artifactid junit-jupiter-params Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.jupiter Highest Vendor pom name JUnit Jupiter Params High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-jupiter-params High Product jar package name junit Highest Product jar package name jupiter Highest Product jar package name params Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Jupiter Params Medium Product Manifest bundle-symbolicname junit-jupiter-params Medium Product Manifest Implementation-Title junit-jupiter-params High Product Manifest specification-title junit-jupiter-params Medium Product pom artifactid junit-jupiter-params Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.jupiter Highest Product pom name JUnit Jupiter Params High Product pom url https://junit.org/junit5/ Medium Version file version 5.10.2 High Version Manifest Bundle-Version 5.10.2 High Version Manifest Implementation-Version 5.10.2 High Version pom version 5.10.2 Highest
junit-platform-engine-1.10.2.jarDescription:
Module "junit-platform-engine" of JUnit 5. License:
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html File Path: /home/runner/.m2/repository/org/junit/platform/junit-platform-engine/1.10.2/junit-platform-engine-1.10.2.jar
MD5: 0bab6a13692441a957234370baae15f0
SHA1: d53bb4e0ce7f211a498705783440614bfaf0df2e
SHA256: 905cba9b4998ccc29d1239085a7fb1fe0e28024d7526152356d810edec0a49a3
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile shardingsphere-test-it-yaml:compile junit-platform-engine-1.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.10.2 pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.10.2 pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.10.2 Evidence Type Source Name Value Confidence Vendor file name junit-platform-engine High Vendor jar package name engine Highest Vendor jar package name junit Highest Vendor jar package name platform Highest Vendor Manifest build-date 2024-02-04 Low Vendor Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Vendor Manifest build-time 09:34:27.111+0100 Low Vendor Manifest bundle-symbolicname junit-platform-engine Medium Vendor Manifest Implementation-Vendor junit.org High Vendor Manifest specification-vendor junit.org Low Vendor pom artifactid junit-platform-engine Highest Vendor pom artifactid junit-platform-engine Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email derancourt.juliette@gmail.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email sormuras@gmail.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id juliette-derancourt Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer id sormuras Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Juliette de Rancourt Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.junit.platform Highest Vendor pom name JUnit Platform Engine API High Vendor pom url https://junit.org/junit5/ Highest Product file name junit-platform-engine High Product jar package name engine Highest Product jar package name junit Highest Product jar package name platform Highest Product Manifest build-date 2024-02-04 Low Product Manifest build-revision 4c0dddad1b96d4a20e92a2cd583954643ac56ac0 Low Product Manifest build-time 09:34:27.111+0100 Low Product Manifest Bundle-Name JUnit Platform Engine API Medium Product Manifest bundle-symbolicname junit-platform-engine Medium Product Manifest Implementation-Title junit-platform-engine High Product Manifest specification-title junit-platform-engine Medium Product pom artifactid junit-platform-engine Highest Product pom developer email business@johanneslink.net Low Product pom developer email derancourt.juliette@gmail.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email sormuras@gmail.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id juliette-derancourt Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer id sormuras Low Product pom developer name Christian Stein Low Product pom developer name Johannes Link Low Product pom developer name Juliette de Rancourt Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.junit.platform Highest Product pom name JUnit Platform Engine API High Product pom url https://junit.org/junit5/ Medium Version file version 1.10.2 High Version Manifest Bundle-Version 1.10.2 High Version Manifest Implementation-Version 1.10.2 High Version pom version 1.10.2 Highest
Related Dependencies junit-platform-commons-1.10.2.jarFile Path: /home/runner/.m2/repository/org/junit/platform/junit-platform-commons/1.10.2/junit-platform-commons-1.10.2.jar MD5: ae199049daca42c359e64974009025c5 SHA1: 3197154a1f0c88da46c47a9ca27611ac7ec5d797 SHA256: b56a5ec000a479df4973b18bba24c98fe0db8faa14c8907d3ef451d8c71fd8ae pkg:maven/org.junit.platform/junit-platform-commons@1.10.2 kotlin-stdlib-1.9.10.jarDescription:
Kotlin Standard Library for JVM License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.9.10/kotlin-stdlib-1.9.10.jar
MD5: da8348128b101f854fafa9a31e3806bd
SHA1: 72812e8a368917ab5c0a5081b56915ffdfec93b7
SHA256: 55e989c512b80907799f854309f3bc7782c5b3d13932442d0379d5c472711504
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-distribution:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile kotlin-stdlib-1.9.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.9.10 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.9.10 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib High Vendor jar package name jvm Highest Vendor jar package name kotlin Highest Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Vendor pom artifactid kotlin-stdlib Highest Vendor pom artifactid kotlin-stdlib Low Vendor pom developer name Kotlin Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains.kotlin Highest Vendor pom name Kotlin Stdlib High Vendor pom url https://kotlinlang.org/ Highest Product file name kotlin-stdlib High Product jar package name jvm Highest Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Product pom artifactid kotlin-stdlib Highest Product pom developer name Kotlin Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains.kotlin Highest Product pom name Kotlin Stdlib High Product pom url https://kotlinlang.org/ Medium Version file version 1.9.10 High Version pom version 1.9.10 Highest
Related Dependencies kotlin-stdlib-common-1.9.10.jarFile Path: /home/runner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.9.10/kotlin-stdlib-common-1.9.10.jar MD5: de4024a53c843e959f2d50ecd1f0e951 SHA1: dafaf2c27f27c09220cee312df10917d9a5d97ce SHA256: cde3341ba18a2ba262b0b7cf6c55b20c90e8d434e42c9a13e6a3f770db965a88 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-common@1.9.10 kotlin-stdlib-jdk7-1.9.10.jarFile Path: /home/runner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.9.10/kotlin-stdlib-jdk7-1.9.10.jar MD5: 14f35bcc452b095f3034a1471960cccc SHA1: bc5bfc2690338defd5195b05c57562f2194eeb10 SHA256: ac6361bf9ad1ed382c2103d9712c47cdec166232b4903ed596e8876b0681c9b7 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk7@1.9.10 kotlin-stdlib-jdk8-1.9.10.jarFile Path: /home/runner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.9.10/kotlin-stdlib-jdk8-1.9.10.jar MD5: d223cbd9e57f02cf4e9f3d9ed01edcee SHA1: c7510d64a83411a649c76f2778304ddf71d7437b SHA256: a4c74d94d64ce1abe53760fe0389dd941f6fc558d0dab35e47c085a11ec80f28 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.9.10 leveldbjni-all-1.8.jarDescription:
An uber jar which contains all the leveldbjni platform libraries and dependencies License:
http://www.opensource.org/licenses/BSD-3-Clause File Path: /home/runner/.m2/repository/org/fusesource/leveldbjni/leveldbjni-all/1.8/leveldbjni-all-1.8.jar
MD5: 6944e9bc03c7938868e53c96726ae914
SHA1: 707350a2eeb1fa2ed77a32ddb3893ed308e941db
SHA256: c297213b0e6f9392305952753f3099a4c02e70b3656266fe01867e7b6c160ffe
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
leveldbjni-all-1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name leveldbjni-all High Vendor jar package name all Highest Vendor jar package name fusesource Highest Vendor jar package name leveldbjni Highest Vendor Manifest bundle-docurl http://fusesource.com/ Low Vendor Manifest bundle-nativecode META-INF/native/windows32/leveldbjni.dll;osname=Win32;processor=x86,META-INF/native/windows64/leveldbjni.dll;osname=Win32;processor=x86-64,META-INF/native/osx/libleveldbjni.jnilib;osname=macosx;processor=x86,META-INF/native/osx/libleveldbjni.jnilib;osname=macosx;processor=x86-64,META-INF/native/linux32/libleveldbjni.so;osname=Linux;processor=x86,META-INF/native/linux64/libleveldbjni.so;osname=Linux;processor=x86-64 Low Vendor Manifest bundle-symbolicname org.fusesource.leveldbjni.leveldbjni-all Medium Vendor Manifest embed-transitive true Low Vendor pom artifactid leveldbjni-all Highest Vendor pom artifactid leveldbjni-all Low Vendor pom groupid org.fusesource.leveldbjni Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid leveldbjni-project Low Product file name leveldbjni-all High Product jar package name all Highest Product jar package name fusesource Highest Product jar package name leveldb Highest Product jar package name leveldbjni Highest Product Manifest bundle-docurl http://fusesource.com/ Low Product Manifest Bundle-Name leveldbjni-all Medium Product Manifest bundle-nativecode META-INF/native/windows32/leveldbjni.dll;osname=Win32;processor=x86,META-INF/native/windows64/leveldbjni.dll;osname=Win32;processor=x86-64,META-INF/native/osx/libleveldbjni.jnilib;osname=macosx;processor=x86,META-INF/native/osx/libleveldbjni.jnilib;osname=macosx;processor=x86-64,META-INF/native/linux32/libleveldbjni.so;osname=Linux;processor=x86,META-INF/native/linux64/libleveldbjni.so;osname=Linux;processor=x86-64 Low Product Manifest bundle-symbolicname org.fusesource.leveldbjni.leveldbjni-all Medium Product Manifest embed-transitive true Low Product Manifest Implementation-Title LevelDB JNI High Product pom artifactid leveldbjni-all Highest Product pom groupid org.fusesource.leveldbjni Highest Product pom name ${project.artifactId} High Product pom parent-artifactid leveldbjni-project Medium Version file version 1.8 High Version Manifest Implementation-Version 1.8 High Version pom version 1.8 Highest
leveldbjni-all-1.8.jar: leveldbjni.dllFile Path: /home/runner/.m2/repository/org/fusesource/leveldbjni/leveldbjni-all/1.8/leveldbjni-all-1.8.jar/META-INF/native/windows32/leveldbjni.dllMD5: 551b9310a9ed358359296a89715df2f4SHA1: bba450e93688b872b3fcaa31e8457950e97d8429SHA256: 3cf3f6284f99acad369a15f0b4eca8e0dec2b0342651c519e4665570da8a68eeReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name leveldbjni High Product file name leveldbjni High
leveldbjni-all-1.8.jar: leveldbjni.dllFile Path: /home/runner/.m2/repository/org/fusesource/leveldbjni/leveldbjni-all/1.8/leveldbjni-all-1.8.jar/META-INF/native/windows64/leveldbjni.dllMD5: 4b6fa20009ca1eb556e752671461a3f2SHA1: 978ca9c96c03eb220556ce5bc96c715f95a0967cSHA256: 7794f7bbc848d1a9ad98996f2c68a1cf12ac17562f646c6d7f5733404a7b5ef1Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name leveldbjni High Product file name leveldbjni High
libfb303-0.9.3.jarDescription:
Thrift is a software framework for scalable cross-language services development. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/thrift/libfb303/0.9.3/libfb303-0.9.3.jar
MD5: 5e1c646346ecf2750a1b8b6cb2aa1c4f
SHA1: 5d1abb695642e88558f4e7e0d32aa1925a1fd0b7
SHA256: 23fc397a42181b17bb7d0fada2213735ed8db38cfbf038d12b9c00ea7419e11b
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
libfb303-0.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name libfb303 High Vendor jar package name facebook Low Vendor jar package name fb303 Low Vendor pom artifactid libfb303 Highest Vendor pom artifactid libfb303 Low Vendor pom developer id aditya Medium Vendor pom developer id bmaurer Medium Vendor pom developer id bryanduxbury Medium Vendor pom developer id carl Medium Vendor pom developer id cpiro Medium Vendor pom developer id dreiss Medium Vendor pom developer id esteve Medium Vendor pom developer id geechorama Medium Vendor pom developer id jake Medium Vendor pom developer id jensg Medium Vendor pom developer id jfarrell Medium Vendor pom developer id jwang Medium Vendor pom developer id kclark Medium Vendor pom developer id marck Medium Vendor pom developer id mcslee Medium Vendor pom developer id molinaro Medium Vendor pom developer id roger Medium Vendor pom developer id todd Medium Vendor pom developer name Aditya Agarwal Medium Vendor pom developer name Andrew McGeachie Medium Vendor pom developer name Anthony Molinaro Medium Vendor pom developer name Ben Maurer Medium Vendor pom developer name Bryan Duxbury Medium Vendor pom developer name Carl Yeksigian Medium Vendor pom developer name Chris Piro Medium Vendor pom developer name David Reiss Medium Vendor pom developer name Esteve Fernandez Medium Vendor pom developer name Jake Farrell Medium Vendor pom developer name Jake Luciani Medium Vendor pom developer name James Wang Medium Vendor pom developer name Jens Geyer Medium Vendor pom developer name Kevin Clark Medium Vendor pom developer name Marc Kwiatkowski Medium Vendor pom developer name Mark Slee Medium Vendor pom developer name Roger Meier Medium Vendor pom developer name Todd Lipcon Medium Vendor pom groupid org.apache.thrift Highest Vendor pom name Apache Thrift High Vendor pom url http://thrift.apache.org Highest Product file name libfb303 High Product jar package name fb303 Low Product pom artifactid libfb303 Highest Product pom developer id aditya Low Product pom developer id bmaurer Low Product pom developer id bryanduxbury Low Product pom developer id carl Low Product pom developer id cpiro Low Product pom developer id dreiss Low Product pom developer id esteve Low Product pom developer id geechorama Low Product pom developer id jake Low Product pom developer id jensg Low Product pom developer id jfarrell Low Product pom developer id jwang Low Product pom developer id kclark Low Product pom developer id marck Low Product pom developer id mcslee Low Product pom developer id molinaro Low Product pom developer id roger Low Product pom developer id todd Low Product pom developer name Aditya Agarwal Low Product pom developer name Andrew McGeachie Low Product pom developer name Anthony Molinaro Low Product pom developer name Ben Maurer Low Product pom developer name Bryan Duxbury Low Product pom developer name Carl Yeksigian Low Product pom developer name Chris Piro Low Product pom developer name David Reiss Low Product pom developer name Esteve Fernandez Low Product pom developer name Jake Farrell Low Product pom developer name Jake Luciani Low Product pom developer name James Wang Low Product pom developer name Jens Geyer Low Product pom developer name Kevin Clark Low Product pom developer name Marc Kwiatkowski Low Product pom developer name Mark Slee Low Product pom developer name Roger Meier Low Product pom developer name Todd Lipcon Low Product pom groupid org.apache.thrift Highest Product pom name Apache Thrift High Product pom url http://thrift.apache.org Medium Version file version 0.9.3 High Version pom version 0.9.3 Highest
CVE-2021-24028 suppress
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. CWE-763 Release of Invalid Pointer or Reference
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-11938 suppress
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-11939 suppress
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3552 suppress
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. CWE-755 Improper Handling of Exceptional Conditions, CWE-834 Excessive Iteration
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3553 suppress
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3558 suppress
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. CWE-755 Improper Handling of Exceptional Conditions, CWE-834 Excessive Iteration
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3559 suppress
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. CWE-755 Improper Handling of Exceptional Conditions, CWE-834 Excessive Iteration
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3564 suppress
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. CWE-755 Improper Handling of Exceptional Conditions, CWE-834 Excessive Iteration
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2019-3565 suppress
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. CWE-755 Improper Handling of Exceptional Conditions, CWE-834 Excessive Iteration
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
libthrift-0.9.3.jarDescription:
Thrift is a software framework for scalable cross-language services development. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/thrift/libthrift/0.9.3/libthrift-0.9.3.jar
MD5: 96af680a50acae601ce823b1da70b24a
SHA1: 8625e8f9b6f49b881fa5fd143172c2833df1ce47
SHA256: bca5e8cdee1e0fbf563de7d41c452385e7bed69723fa28225a9ce718a8ee3419
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
libthrift-0.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name libthrift High Vendor jar package name apache Highest Vendor jar package name thrift Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.thrift Medium Vendor pom artifactid libthrift Highest Vendor pom artifactid libthrift Low Vendor pom developer id aditya Medium Vendor pom developer id bmaurer Medium Vendor pom developer id bryanduxbury Medium Vendor pom developer id carl Medium Vendor pom developer id cpiro Medium Vendor pom developer id dreiss Medium Vendor pom developer id esteve Medium Vendor pom developer id geechorama Medium Vendor pom developer id jake Medium Vendor pom developer id jensg Medium Vendor pom developer id jfarrell Medium Vendor pom developer id jwang Medium Vendor pom developer id kclark Medium Vendor pom developer id marck Medium Vendor pom developer id mcslee Medium Vendor pom developer id molinaro Medium Vendor pom developer id roger Medium Vendor pom developer id todd Medium Vendor pom developer name Aditya Agarwal Medium Vendor pom developer name Andrew McGeachie Medium Vendor pom developer name Anthony Molinaro Medium Vendor pom developer name Ben Maurer Medium Vendor pom developer name Bryan Duxbury Medium Vendor pom developer name Carl Yeksigian Medium Vendor pom developer name Chris Piro Medium Vendor pom developer name David Reiss Medium Vendor pom developer name Esteve Fernandez Medium Vendor pom developer name Jake Farrell Medium Vendor pom developer name Jake Luciani Medium Vendor pom developer name James Wang Medium Vendor pom developer name Jens Geyer Medium Vendor pom developer name Kevin Clark Medium Vendor pom developer name Marc Kwiatkowski Medium Vendor pom developer name Mark Slee Medium Vendor pom developer name Roger Meier Medium Vendor pom developer name Todd Lipcon Medium Vendor pom groupid org.apache.thrift Highest Vendor pom name Apache Thrift High Vendor pom url http://thrift.apache.org Highest Product file name libthrift High Product jar package name apache Highest Product jar package name thrift Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Thrift Medium Product Manifest bundle-symbolicname org.apache.thrift Medium Product pom artifactid libthrift Highest Product pom developer id aditya Low Product pom developer id bmaurer Low Product pom developer id bryanduxbury Low Product pom developer id carl Low Product pom developer id cpiro Low Product pom developer id dreiss Low Product pom developer id esteve Low Product pom developer id geechorama Low Product pom developer id jake Low Product pom developer id jensg Low Product pom developer id jfarrell Low Product pom developer id jwang Low Product pom developer id kclark Low Product pom developer id marck Low Product pom developer id mcslee Low Product pom developer id molinaro Low Product pom developer id roger Low Product pom developer id todd Low Product pom developer name Aditya Agarwal Low Product pom developer name Andrew McGeachie Low Product pom developer name Anthony Molinaro Low Product pom developer name Ben Maurer Low Product pom developer name Bryan Duxbury Low Product pom developer name Carl Yeksigian Low Product pom developer name Chris Piro Low Product pom developer name David Reiss Low Product pom developer name Esteve Fernandez Low Product pom developer name Jake Farrell Low Product pom developer name Jake Luciani Low Product pom developer name James Wang Low Product pom developer name Jens Geyer Low Product pom developer name Kevin Clark Low Product pom developer name Marc Kwiatkowski Low Product pom developer name Mark Slee Low Product pom developer name Roger Meier Low Product pom developer name Todd Lipcon Low Product pom groupid org.apache.thrift Highest Product pom name Apache Thrift High Product pom url http://thrift.apache.org Medium Version file version 0.9.3 High Version Manifest Bundle-Version 0.9.3 High Version Manifest Implementation-Version 0.9.3 High Version pom version 0.9.3 Highest
CVE-2016-5397 suppress
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-1320 suppress
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-0205 suppress
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-0210 suppress
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. CWE-125 Out-of-bounds Read
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-13949 suppress
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-11798 suppress
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path. CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
log4j-1.2.17.jarDescription:
Apache Log4j 1.2 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
SHA256: 1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9
Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compile
log4j-1.2.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hbase/hbase-shaded-client@1.7.1
Evidence Type Source Name Value Confidence Vendor file name log4j High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low Vendor Manifest bundle-symbolicname log4j Medium Vendor manifest: org.apache.log4j Implementation-Vendor "Apache Software Foundation" Medium Vendor pom artifactid log4j Highest Vendor pom artifactid log4j Low Vendor pom groupid log4j Highest Vendor pom name Apache Log4j High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://www.apache.org Medium Vendor pom url http://logging.apache.org/log4j/1.2/ Highest Product file name log4j High Product jar package name apache Highest Product jar package name log4j Highest Product Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low Product Manifest Bundle-Name Apache Log4j Medium Product Manifest bundle-symbolicname log4j Medium Product manifest: org.apache.log4j Implementation-Title log4j Medium Product pom artifactid log4j Highest Product pom groupid log4j Highest Product pom name Apache Log4j High Product pom organization name Apache Software Foundation Low Product pom organization url http://www.apache.org Low Product pom url http://logging.apache.org/log4j/1.2/ Medium Version file version 1.2.17 High Version Manifest Bundle-Version 1.2.17 High Version manifest: org.apache.log4j Implementation-Version 1.2.17 Medium Version pom version 1.2.17 Highest
CVE-2019-17571 suppress
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-9493 suppress
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-23305 suppress
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-23302 suppress
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-23307 suppress
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (9.0) Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-4104 (OSSINDEX) suppress
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-4104 for details CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:log4j:log4j:1.2.17:*:*:*:*:*:*:* CVE-2023-26464 suppress
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
log4j-core-2.17.1.jarDescription:
The Apache Log4j Implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar
MD5: 8d2f5c52700336dae846b2c3ecde7a6e
SHA1: 779f60f3844dadc3ef597976fcb1e5127b1f343d
SHA256: c967f223487980b9364e94a7c7f9a8a01fd3ee7c19bdbf0b0f9f8cb8511f3d41
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
log4j-core-2.17.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name log4j-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.core Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-core Highest Vendor pom artifactid log4j-core Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j Core High Vendor pom parent-artifactid log4j Low Product file name log4j-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest automatic-module-name org.apache.logging.log4j.core Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j Core Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product Manifest Implementation-Title Apache Log4j Core High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest multi-release true Low Product Manifest specification-title Apache Log4j Core Medium Product pom artifactid log4j-core Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j Core High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
Related Dependencies log4j-api-2.17.1.jarFile Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar MD5: dfd5f2d81aba31583ee87fe16c7b78f8 SHA1: d771af8e336e372fb5399c99edabe0919aeaf5b2 SHA256: b0d8a4c8ab4fb8b1888d0095822703b0e6d4793c419550203da9e69196161de4 pkg:maven/org.apache.logging.log4j/log4j-api@2.17.1 logback-core-1.2.13.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.13/logback-core-1.2.13.jar
MD5: 25736944b46d10756764364afcb455fc
SHA1: 8ae4a32ed4937b5ebff6891a93c5e957f4e81655
SHA256: 07b1586faf220c05821d0f3ed8e2e417e214c83f40641f76e8a90b134c31ff6b
Referenced In Projects/Scopes: shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-logging-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-distribution:runtime shardingsphere-proxy-backend-core:compile logback-core-1.2.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 pkg:maven/ch.qos.logback/logback-classic@1.2.13 Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.4 Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.4 Low Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.2.13 High Version Manifest Bundle-Version 1.2.13 High Version pom version 1.2.13 Highest
Related Dependencies logback-classic-1.2.13.jarFile Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.2.13/logback-classic-1.2.13.jar MD5: fc49f9a98304889b228adbbd7288ae43 SHA1: e9f3458e7354fe4917081237c01fa4999f4e1b86 SHA256: 937afb220b91d8a394d78befdbf587c71aeed289d582e2a91e72a7d92172371d pkg:maven/ch.qos.logback/logback-classic@1.2.13 lombok-1.18.30.jar lombok-1.18.30.jar: mavenEcjBootstrapAgent.jar mchange-commons-java-0.2.15.jarDescription:
mchange-commons-java License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html File Path: /home/runner/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15.jar
MD5: 97c4575d9d49d9afb71492e6bb4417da
SHA1: 6ef5abe5f1b94ac45b7b5bad42d871da4fda6bbc
SHA256: 2b8fce65e95a3e968d5ab3507e2833f43df3daee0635ee51c7ce33343bb3a21c
Referenced In Projects/Scopes: shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-data-pipeline-cdc-core:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-data-pipeline-core:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile mchange-commons-java-0.2.15.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mchange-commons-java High Vendor jar package name mchange Highest Vendor Manifest Implementation-Vendor com.mchange High Vendor Manifest Implementation-Vendor-Id com.mchange Medium Vendor Manifest specification-vendor com.mchange Low Vendor pom artifactid mchange-commons-java Highest Vendor pom artifactid mchange-commons-java Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.mchange Highest Vendor pom name mchange-commons-java High Vendor pom organization name com.mchange High Vendor pom url swaldman/mchange-commons-java Highest Product file name mchange-commons-java High Product jar package name mchange Highest Product Manifest Implementation-Title mchange-commons-java High Product Manifest specification-title mchange-commons-java Medium Product pom artifactid mchange-commons-java Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.mchange Highest Product pom name mchange-commons-java High Product pom organization name com.mchange Low Product pom url swaldman/mchange-commons-java High Version file version 0.2.15 High Version Manifest Implementation-Version 0.2.15 High Version pom version 0.2.15 Highest
memory-0.9.0.jar mockito-core-4.11.0.jarDescription:
Mockito mock objects library core API and implementation License:
The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE File Path: /home/runner/.m2/repository/org/mockito/mockito-core/4.11.0/mockito-core-4.11.0.jar
MD5: 9fe6ed240769c4e568ee331e0d850f90
SHA1: ce5226440c2ee78915716d4ce3d10aed2dbf26fb
SHA256: 4b909690cab288c761eb94c0bf0e814496cf3921d8affac84cd87774530351e5
Referenced In Projects/Scopes: shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-util:compile mockito-core-4.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-infra@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-fixture-database@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mockito-core High Vendor jar package name and Highest Vendor jar package name api Highest Vendor jar package name mockito Highest Vendor Manifest automatic-module-name org.mockito Medium Vendor Manifest bundle-symbolicname org.mockito.mockito-core Medium Vendor pom artifactid mockito-core Highest Vendor pom artifactid mockito-core Low Vendor pom developer id bric3 Medium Vendor pom developer id mockitoguy Medium Vendor pom developer id raphw Medium Vendor pom developer id TimvdLippe Medium Vendor pom developer name Brice Dutheil Medium Vendor pom developer name Rafael Winterhalter Medium Vendor pom developer name Szczepan Faber Medium Vendor pom developer name Tim van der Lippe Medium Vendor pom groupid org.mockito Highest Vendor pom name mockito-core High Vendor pom url mockito/mockito Highest Product file name mockito-core High Product jar package name and Highest Product jar package name api Highest Product jar package name mockito Highest Product Manifest automatic-module-name org.mockito Medium Product Manifest Bundle-Name Mockito Mock Library for Java. Core bundle requires Byte Buddy and Objenesis. Medium Product Manifest bundle-symbolicname org.mockito.mockito-core Medium Product pom artifactid mockito-core Highest Product pom developer id bric3 Low Product pom developer id mockitoguy Low Product pom developer id raphw Low Product pom developer id TimvdLippe Low Product pom developer name Brice Dutheil Low Product pom developer name Rafael Winterhalter Low Product pom developer name Szczepan Faber Low Product pom developer name Tim van der Lippe Low Product pom groupid org.mockito Highest Product pom name mockito-core High Product pom url mockito/mockito High Version file version 4.11.0 High Version Manifest Bundle-Version 4.11.0 High Version pom version 4.11.0 Highest
mockito-junit-jupiter-4.11.0.jarDescription:
Mockito JUnit 5 support License:
The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE File Path: /home/runner/.m2/repository/org/mockito/mockito-junit-jupiter/4.11.0/mockito-junit-jupiter-4.11.0.jar
MD5: 2dd90ec41b6e41dde720ec6df2157acf
SHA1: 6a2a2d138141e9c003451292348173c899450872
SHA256: f4b3694f60fccc7b520d8aea9b6c827d8e9949b652cad09fce10b546bf3ac537
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile mockito-junit-jupiter-4.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-util@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mockito-junit-jupiter High Vendor jar package name junit Highest Vendor jar package name jupiter Highest Vendor jar package name mockito Highest Vendor Manifest automatic-module-name org.mockito.junit.jupiter Medium Vendor Manifest bundle-symbolicname org.mockito.junit-jupiter Medium Vendor pom artifactid mockito-junit-jupiter Highest Vendor pom artifactid mockito-junit-jupiter Low Vendor pom developer id bric3 Medium Vendor pom developer id mockitoguy Medium Vendor pom developer id raphw Medium Vendor pom developer id TimvdLippe Medium Vendor pom developer name Brice Dutheil Medium Vendor pom developer name Rafael Winterhalter Medium Vendor pom developer name Szczepan Faber Medium Vendor pom developer name Tim van der Lippe Medium Vendor pom groupid org.mockito Highest Vendor pom name mockito-junit-jupiter High Vendor pom url mockito/mockito Highest Product file name mockito-junit-jupiter High Product jar package name junit Highest Product jar package name jupiter Highest Product jar package name mockito Highest Product Manifest automatic-module-name org.mockito.junit.jupiter Medium Product Manifest Bundle-Name Mockito Extension Library for JUnit 5. Medium Product Manifest bundle-symbolicname org.mockito.junit-jupiter Medium Product pom artifactid mockito-junit-jupiter Highest Product pom developer id bric3 Low Product pom developer id mockitoguy Low Product pom developer id raphw Low Product pom developer id TimvdLippe Low Product pom developer name Brice Dutheil Low Product pom developer name Rafael Winterhalter Low Product pom developer name Szczepan Faber Low Product pom developer name Tim van der Lippe Low Product pom groupid org.mockito Highest Product pom name mockito-junit-jupiter High Product pom url mockito/mockito High Version file version 4.11.0 High Version Manifest Bundle-Version 4.11.0 High Version pom version 4.11.0 Highest
mysql-connector-j-8.3.0.jarDescription:
JDBC Type 4 driver for MySQL. License:
The GNU General Public License, v2 with Universal FOSS Exception, v1.0 File Path: /home/runner/.m2/repository/com/mysql/mysql-connector-j/8.3.0/mysql-connector-j-8.3.0.jar
MD5: 48d9e8892746315faf8023c1b26fd8bb
SHA1: 1cc7fa5d61f4bbc113531a4ba6d85d41cf3d57e1
SHA256: 94e7fa815370cdcefed915db7f53f88445fac110f8c3818392b992ec9ee6d295
Referenced In Projects/Scopes: shardingsphere-test-e2e-fixture:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-test-e2e-agent-jdbc-project:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime mysql-connector-j-8.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mysql-connector-j High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor jar package name cj Highest Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name mysql Highest Vendor jar package name type Highest Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid mysql-connector-j Highest Vendor pom artifactid mysql-connector-j Low Vendor pom developer email filipe.silva@oracle.com Low Vendor pom developer name Filipe Silva Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL https://www.oracle.com/ Medium Vendor pom groupid com.mysql Highest Vendor pom name MySQL Connector/J High Vendor pom organization name Oracle Corporation High Vendor pom organization url https://www.oracle.com/ Medium Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Product file name mysql-connector-j High Product hint analyzer product mysql_connector/j Highest Product hint analyzer product mysql_connector_j Highest Product hint analyzer product mysql_connectors Highest Product jar package name cj Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name mysql Highest Product jar package name type Highest Product jar package name xdevapi Highest Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product Manifest bundle-symbolicname com.mysql.cj Medium Product Manifest Implementation-Title MySQL Connector/J High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-j Highest Product pom developer email filipe.silva@oracle.com Low Product pom developer name Filipe Silva Low Product pom developer org Oracle Corporation Low Product pom developer org URL https://www.oracle.com/ Low Product pom groupid com.mysql Highest Product pom name MySQL Connector/J High Product pom organization name Oracle Corporation Low Product pom organization url https://www.oracle.com/ Low Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Version file version 8.3.0 High Version Manifest Bundle-Version 8.3.0 High Version Manifest Implementation-Version 8.3.0 High Version pom version 8.3.0 Highest
narayana-jts-integration-5.12.7.Final.jarDescription:
Narayana: ArjunaJTS integration (atx) File Path: /home/runner/.m2/repository/org/jboss/narayana/jts/narayana-jts-integration/5.12.7.Final/narayana-jts-integration-5.12.7.Final.jarMD5: 8bd042889fdefff3c4d918e61545eff9SHA1: 25ca327ff95e77ba0623904b20d2056fc087c587SHA256: f5f795d4426d7b96abcb09d6871c15fde2d290ae9b1bde27cf69cd0305c3067eReferenced In Projects/Scopes:
shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-transaction-xa-narayana:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile narayana-jts-integration-5.12.7.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name narayana-jts-integration High Vendor jar package name jts Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest implementation-url http://www.jboss.org/ Low Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High Vendor Manifest Implementation-Vendor-Id http://www.jboss.org/ Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid narayana-jts-integration Highest Vendor pom artifactid narayana-jts-integration Low Vendor pom groupid org.jboss.narayana.jts Highest Vendor pom name Narayana: ArjunaJTS integration High Vendor pom parent-artifactid narayana-jts-all Low Product file name narayana-jts-integration High Product jar package name jts Highest Product Manifest build-jdk-spec 11 Low Product Manifest Implementation-Title Narayana: ArjunaJTS integration High Product Manifest implementation-url http://www.jboss.org/ Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Narayana: ArjunaJTS integration Medium Product pom artifactid narayana-jts-integration Highest Product pom groupid org.jboss.narayana.jts Highest Product pom name Narayana: ArjunaJTS integration High Product pom parent-artifactid narayana-jts-all Medium Version Manifest Implementation-Version 5.12.7.Final High Version pom version 5.12.7.Final Highest
netty-3.10.5.Final.jarDescription:
The Netty project is an effort to provide an asynchronous event-driven
network application framework and tools for rapid development of
maintainable high performance and high scalability protocol servers and
clients. In other words, Netty is a NIO client server framework which
enables quick and easy development of network applications such as protocol
servers and clients. It greatly simplifies and streamlines network
programming such as TCP and UDP socket server.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/io/netty/netty/3.10.5.Final/netty-3.10.5.Final.jar
MD5: 14466fef5f114f444c688f7977e9dbce
SHA1: 9ca7d55d246092bddd29b867706e2f6c7db701a0
SHA256: eb031acf8a00733481bcd60807925ecfc9ce3840f13823d4b96cdcb1132db1da
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
netty-3.10.5.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name netty High Vendor jar package name jboss Highest Vendor jar package name netty Highest Vendor Manifest bundle-buddypolicy registered Low Vendor Manifest bundle-docurl http://netty.io/ Low Vendor Manifest bundle-symbolicname org.jboss.netty Medium Vendor Manifest eclipse-buddypolicy registered Low Vendor pom artifactid netty Highest Vendor pom artifactid netty Low Vendor pom developer email netty@googlegroups.com Low Vendor pom developer id netty.io Medium Vendor pom developer name The Netty Project Contributors Medium Vendor pom developer org The Netty Project Medium Vendor pom developer org URL http://netty.io/ Medium Vendor pom groupid io.netty Highest Vendor pom name Netty High Vendor pom organization name The Netty Project High Vendor pom organization url http://netty.io/ Medium Vendor pom url http://netty.io/ Highest Product file name netty High Product jar package name jboss Highest Product jar package name netty Highest Product jar package name socket Highest Product Manifest bundle-buddypolicy registered Low Product Manifest bundle-docurl http://netty.io/ Low Product Manifest Bundle-Name Netty Medium Product Manifest bundle-symbolicname org.jboss.netty Medium Product Manifest eclipse-buddypolicy registered Low Product pom artifactid netty Highest Product pom developer email netty@googlegroups.com Low Product pom developer id netty.io Low Product pom developer name The Netty Project Contributors Low Product pom developer org The Netty Project Low Product pom developer org URL http://netty.io/ Low Product pom groupid io.netty Highest Product pom name Netty High Product pom organization name The Netty Project Low Product pom organization url http://netty.io/ Low Product pom url http://netty.io/ Medium Version Manifest Bundle-Version 3.10.5.Final High Version pom version 3.10.5.Final Highest
CVE-2019-20444 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-20445 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-16869 suppress
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2020-11612 (OSSINDEX) suppress
netty-codec - Denial of Service (DoS) via Memory Exhaustion [CVE-2020-11612]
The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-11612 for details CWE-789 Memory Allocation with Excessive Size Value
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty:3.10.5.Final:*:*:*:*:*:*:* CVE-2021-37136 suppress
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-37137 suppress
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. CWE-400 Uncontrolled Resource Consumption
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2021-43797 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-34462 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-21295 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: LOW (2.6) Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21409 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-21290 suppress
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
netty-codec-http-4.1.106.Final.jarDescription:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/io/netty/netty-codec-http/4.1.106.Final/netty-codec-http-4.1.106.Final.jar
MD5: 7462ef9dcc87d4ecaaded602e0202906
SHA1: 21a07cdf0fc46b313fe2248f1275cdbdac0ba87b
SHA256: ba177a03adc587fa63e96f1dbae9c46ff25f59397ea34d960b45e05d0296026e
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-transaction-base-seata-at:provided shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile netty-codec-http-4.1.106.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/io.seata/seata-all@2.0.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-codec-http High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.http Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-http Medium Vendor Manifest implementation-url https://netty.io/netty-codec-http/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-codec-http Highest Vendor pom artifactid netty-codec-http Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/HTTP High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-http High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.http Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/HTTP Medium Product Manifest bundle-symbolicname io.netty.codec-http Medium Product Manifest Implementation-Title Netty/Codec/HTTP High Product Manifest implementation-url https://netty.io/netty-codec-http/ Low Product Manifest specification-title Netty/Codec/HTTP Medium Product pom artifactid netty-codec-http Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/HTTP High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.106.Final High Version Manifest Implementation-Version 4.1.106.Final High Version pom version 4.1.106.Final Highest
CVE-2024-29025 (OSSINDEX) suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29025 for details CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-codec-http:4.1.106.Final:*:*:*:*:*:*:* netty-codec-memcache-4.1.106.Final.jarDescription:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/io/netty/netty-codec-memcache/4.1.106.Final/netty-codec-memcache-4.1.106.Final.jar
MD5: 1865ce2c1d16db39dfd0f2cdc89ec505
SHA1: 0014b6ab981335686f309fefe31759ca156251e7
SHA256: 2bd247b9ecfba600f2ca21d89f11ddac8f5b454fe885ebdcdd5b7042a1fe9f69
Referenced In Projects/Scopes: shardingsphere-infra-database-hive:provided shardingsphere-transaction-base-seata-at:provided netty-codec-memcache-4.1.106.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/io.seata/seata-all@2.0.0 Evidence Type Source Name Value Confidence Vendor file name netty-codec-memcache High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.memcache Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-memcache Medium Vendor Manifest implementation-url https://netty.io/netty-codec-memcache/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-codec-memcache Highest Vendor pom artifactid netty-codec-memcache Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/Memcache High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-memcache High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.memcache Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/Memcache Medium Product Manifest bundle-symbolicname io.netty.codec-memcache Medium Product Manifest Implementation-Title Netty/Codec/Memcache High Product Manifest implementation-url https://netty.io/netty-codec-memcache/ Low Product Manifest specification-title Netty/Codec/Memcache Medium Product pom artifactid netty-codec-memcache Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/Memcache High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.106.Final High Version Manifest Implementation-Version 4.1.106.Final High Version pom version 4.1.106.Final Highest
netty-codec-mqtt-4.1.106.Final.jarDescription:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/io/netty/netty-codec-mqtt/4.1.106.Final/netty-codec-mqtt-4.1.106.Final.jar
MD5: e7e10bcd60464b421e31a0ab6cee7d6b
SHA1: f755fb107f03dc02213276dec35dc5d128a4c4ca
SHA256: 533a934308bc08e813421e9980ff75fc78c6cdd8458b4d34c87371aadaaf9a4d
Referenced In Projects/Scopes: shardingsphere-infra-database-hive:provided shardingsphere-transaction-base-seata-at:provided netty-codec-mqtt-4.1.106.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/io.seata/seata-all@2.0.0 Evidence Type Source Name Value Confidence Vendor file name netty-codec-mqtt High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.mqtt Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-mqtt Medium Vendor Manifest implementation-url https://netty.io/netty-codec-mqtt/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-codec-mqtt Highest Vendor pom artifactid netty-codec-mqtt Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/MQTT High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-mqtt High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.mqtt Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/MQTT Medium Product Manifest bundle-symbolicname io.netty.codec-mqtt Medium Product Manifest Implementation-Title Netty/Codec/MQTT High Product Manifest implementation-url https://netty.io/netty-codec-mqtt/ Low Product Manifest specification-title Netty/Codec/MQTT Medium Product pom artifactid netty-codec-mqtt Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/MQTT High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.106.Final High Version Manifest Implementation-Version 4.1.106.Final High Version pom version 4.1.106.Final Highest
netty-common-4.1.106.Final.jar (shaded: org.jctools:jctools-core:3.1.0)Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-common/4.1.106.Final/netty-common-4.1.106.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256: acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-db-protocol-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-transaction-base-seata-at:provided shardingsphere-postgresql-protocol:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-mysql-protocol:compile shardingsphere-data-pipeline-cdc-client:compile shardingsphere-opengauss-protocol:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile Evidence Type Source Name Value Confidence Vendor pom artifactid jctools-core Low Vendor pom groupid org.jctools Highest Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom artifactid jctools-core Highest Product pom groupid org.jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom url JCTools High Version pom version 3.1.0 Highest
netty-tcnative-boringssl-static-2.0.61.Final-linux-aarch_64.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-linux-aarch_64.jar
MD5: 8745bf50ba9924672bda4183bb60d30f
SHA1: cc2ba8b1c1f5acebfa314601aefefc1407056cdf
SHA256: 3614395218ae379cec22ccaa089c4f27b9329a660e0d53c93e7cb12b7a2cee46
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final-linux-aarch_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.linux.aarch_64 Medium Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_aarch_64.so;osname=linux;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.linux.aarch_64 Medium Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_aarch_64.so;osname=linux;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jar
MD5: ab03d5d83359dbadeadc04c00d413b42
SHA1: a52fce30407ffcbb38fb0edda64d81c56c331fe7
SHA256: 4ff9d14f1ec6ccee35b78f53a6f3d9c7c54535aa2a76138311c2f619c5e150e1
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.linux.x86_64 Medium Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_x86_64.so;osname=linux;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.linux.x86_64 Medium Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_x86_64.so;osname=linux;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-boringssl-static-2.0.61.Final-osx-aarch_64.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-osx-aarch_64.jar
MD5: fa8e590d996b3f0cef7de09a24a54a8c
SHA1: 556e60a7ecd7f32e6cdc61cfba6c93d2b144889d
SHA256: 58e0302c9fde3db984c3ff7ee7ec7159dc0320bdb91533cc290e12e40911cd1a
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final-osx-aarch_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.aarch_64 Medium Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib;osname=macosx;;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.aarch_64 Medium Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib;osname=macosx;;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar
MD5: 8a8684186d4be9f91c930f81684289e3
SHA1: 0efef10166c644b9ea9f4e62bfed12a5bb37b55a
SHA256: fcfea887f4f0802d363c699b444d504b7109a7cb198ae6845eeff63745e5b0ba
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.x86_64 Medium Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_x86_64.jnilib;osname=macosx;;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.x86_64 Medium Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_x86_64.jnilib;osname=macosx;;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jar
MD5: edd5eafc8d0d623febd96f30a48bdde3
SHA1: a60887fcc4b03be4b4c065e085ec099a59c1dc25
SHA256: 17cd2fa3c63b7ed23edea01c945e55cb7baed1faa0f553732c3f5f56da90b3e0
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.windows.x86_64 Medium Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/netty_tcnative_windows_x86_64.dll;osname=win32;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.windows.x86_64 Medium Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision 1ccef4908ce04adc6d246262846f3cd8a111fa44 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/netty_tcnative_windows_x86_64.dll;osname=win32;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jar: netty_tcnative_windows_x86_64.dllFile Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jar/META-INF/native/netty_tcnative_windows_x86_64.dllMD5: f40a93f73dfd0d34821cdf929cbda70dSHA1: 166aca74814793ed23db4d6284f570afb2f15e3eSHA256: ee3156fe6f4d6a27ca9370b0dfa9428d993bcd0dc03edc4d57bce594444c837fReferenced In Projects/Scopes:
shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile Evidence Type Source Name Value Confidence Vendor file name netty_tcnative_windows_x86_64 High Product file name netty_tcnative_windows_x86_64 High
netty-tcnative-boringssl-static-2.0.61.Final.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.61.Final/netty-tcnative-boringssl-static-2.0.61.Final.jar
MD5: 1af1e5182bc94ab5e82174bacf857e18
SHA1: 944722ba2883fe5825a0c6b38dc727d7151a9371
SHA256: b6f974972c44cd6f9cecabc255290286faac40b6393c66c3c3c0db7f421cc28e
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-boringssl-static-2.0.61.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.x86_64 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom developer email netty@googlegroups.com Low Vendor pom developer id netty.io Medium Vendor pom developer name The Netty Project Contributors Medium Vendor pom developer org The Netty Project Medium Vendor pom developer org URL https://netty.io/ Medium Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom url netty/netty-tcnative/netty-tcnative-boringssl-static/ Highest Product file name netty-tcnative-boringssl-static High Product Manifest automatic-module-name io.netty.internal.tcnative.openssl.osx.x86_64 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product pom artifactid netty-tcnative-boringssl-static Highest Product pom developer email netty@googlegroups.com Low Product pom developer id netty.io Low Product pom developer name The Netty Project Contributors Low Product pom developer org The Netty Project Low Product pom developer org URL https://netty.io/ Low Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom url netty/netty-tcnative/netty-tcnative-boringssl-static/ High Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-tcnative-classes-2.0.61.Final.jarDescription:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked
to OpenSSL.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/netty/netty-tcnative-classes/2.0.61.Final/netty-tcnative-classes-2.0.61.Final.jar
MD5: 8f3edcd3825d2aedf3ae6332bd7ff039
SHA1: 4c6ae851ed97921bc6c6b64e019c2b039f49131a
SHA256: 9b970eccd844bfae175a5cbbf7bf94891894add06d6ccbe1abf2250cd64080f6
Referenced In Projects/Scopes: shardingsphere-cluster-mode-repository-zookeeper:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-frontend-core:runtime shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-infra-database-hive:provided shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile netty-tcnative-classes-2.0.61.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-test@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.hive/hive-jdbc@3.1.3 pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-zookeeper@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.curator/curator-client@5.6.0 pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.61.Final Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-classes High Vendor jar package name io Highest Vendor jar package name netty Highest Vendor jar package name tcnative Highest Vendor Manifest automatic-module-name io.netty.tcnative.classes.openssl Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.tcnative-classes Medium Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom artifactid netty-tcnative-classes Highest Vendor pom artifactid netty-tcnative-classes Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [OpenSSL - Classes] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-classes High Product jar package name io Highest Product jar package name netty Highest Product jar package name tcnative Highest Product Manifest automatic-module-name io.netty.tcnative.classes.openssl Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [OpenSSL - Classes] Medium Product Manifest bundle-symbolicname io.netty.tcnative-classes Medium Product Manifest Implementation-Title Netty/TomcatNative [OpenSSL - Classes] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Product pom artifactid netty-tcnative-classes Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [OpenSSL - Classes] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.61.Final High Version Manifest Implementation-Version 2.0.61.Final High Version pom version 2.0.61.Final Highest
netty-transport-4.1.106.Final.jar objenesis-3.3.jarDescription:
A library for instantiating Java objects License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256: 02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Projects/Scopes: shardingsphere-test-util:runtime shardingsphere-test-it-parser:runtime shardingsphere-test-fixture-infra:runtime shardingsphere-test-fixture-database:runtime objenesis-3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.mockito/mockito-core@4.11.0 pkg:maven/org.mockito/mockito-core@4.11.0 pkg:maven/org.mockito/mockito-core@4.11.0 pkg:maven/org.mockito/mockito-core@4.11.0 Evidence Type Source Name Value Confidence Vendor file name objenesis High Vendor jar package name objenesis Highest Vendor Manifest automatic-module-name org.objenesis Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname org.objenesis Medium Vendor Manifest Implementation-Vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita High Vendor Manifest specification-vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita Low Vendor pom artifactid objenesis Highest Vendor pom artifactid objenesis Low Vendor pom groupid org.objenesis Highest Vendor pom name Objenesis High Vendor pom parent-artifactid objenesis-parent Low Product file name objenesis High Product jar package name objenesis Highest Product Manifest automatic-module-name org.objenesis Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Objenesis Medium Product Manifest bundle-symbolicname org.objenesis Medium Product Manifest Implementation-Title Objenesis High Product Manifest specification-title Objenesis Medium Product pom artifactid objenesis Highest Product pom groupid org.objenesis Highest Product pom name Objenesis High Product pom parent-artifactid objenesis-parent Medium Version file version 3.3 High Version Manifest Implementation-Version 3.3 High Version pom version 3.3 Highest
okhttp-4.12.0.jarDescription:
Square’s meticulous HTTP client for Java and Kotlin. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/squareup/okhttp3/okhttp/4.12.0/okhttp-4.12.0.jar
MD5: 6acba053af88fed87e710c6c29911d7c
SHA1: 2f4525d4a200e97e1b87449c2cd9bd2e25b7e8cd
SHA256: b1050081b14bb7a3a7e55a4d3ef01b5dcfabc453b4573a4fc019767191d5f4e0
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-distribution:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile okhttp-4.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name okhttp High Vendor jar package name http Highest Vendor jar package name okhttp Highest Vendor jar package name okhttp3 Highest Vendor Manifest automatic-module-name okhttp3 Medium Vendor pom artifactid okhttp Highest Vendor pom artifactid okhttp Low Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okhttp3 Highest Vendor pom name okhttp High Vendor pom url https://square.github.io/okhttp/ Highest Product file name okhttp High Product jar package name http Highest Product jar package name okhttp Highest Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3 Medium Product pom artifactid okhttp Highest Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okhttp3 Highest Product pom name okhttp High Product pom url https://square.github.io/okhttp/ Medium Version file version 4.12.0 High Version pom version 4.12.0 Highest
okio-3.6.0.jarDescription:
A modern I/O library for Android, Java, and Kotlin Multiplatform. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/squareup/okio/okio/3.6.0/okio-3.6.0.jar
MD5: 990f7b25bbd4fee8787ffabf89aa229f
SHA1: 8bf9683c80762d7dd47db12b68e99abea2a7ae05
SHA256: 8e63292e5c53bb93c4a6b0c213e79f15990fed250c1340f1c343880e1c9c39b5
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-agent-distribution:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile okio-3.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/com.squareup.okhttp3/okhttp@4.12.0 pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/com.squareup.okhttp3/okhttp@4.12.0 Evidence Type Source Name Value Confidence Vendor file name okio High Vendor pom artifactid okio Highest Vendor pom artifactid okio Low Vendor pom developer id square Medium Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okio Highest Vendor pom name okio High Vendor pom url square/okio/ Highest Product file name okio High Product pom artifactid okio Highest Product pom developer id square Low Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okio Highest Product pom name okio High Product pom url square/okio/ High Version file version 3.6.0 High Version pom version 3.6.0 Highest
Related Dependencies okio-jvm-3.6.0.jarFile Path: /home/runner/.m2/repository/com/squareup/okio/okio-jvm/3.6.0/okio-jvm-3.6.0.jar MD5: 26370180ff99a7e8a12dcaac2a70cc6e SHA1: 5600569133b7bdefe1daf9ec7f4abeb6d13e1786 SHA256: 67543f0736fc422ae927ed0e504b98bc5e269fda0d3500579337cb713da28412 pkg:maven/com.squareup.okio/okio-jvm@3.6.0 opengauss-jdbc-3.1.0-og.jarDescription:
Java JDBC driver for openGauss License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/runner/.m2/repository/org/opengauss/opengauss-jdbc/3.1.0-og/opengauss-jdbc-3.1.0-og.jar
MD5: eda19ba765c933429299489099f8bac5
SHA1: b0a44b57414d3b922ed0200c56854c3cb3ddddee
SHA256: efeea4ce6f5b404357b26fc598f8aec9957a3bf6831c982c41e5da980ff6a10e
Referenced In Projects/Scopes: shardingsphere-opengauss-protocol:provided shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-proxy-frontend-opengauss:provided shardingsphere-data-pipeline-opengauss:provided shardingsphere-proxy-distribution:runtime opengauss-jdbc-3.1.0-og.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-opengauss-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name opengauss-jdbc High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name opengauss Highest Vendor jar package name opengauss Low Vendor pom artifactid opengauss-jdbc Highest Vendor pom artifactid opengauss-jdbc Low Vendor pom groupid org.opengauss Highest Vendor pom name openGauss JDBC Driver High Vendor pom organization name openGauss High Vendor pom organization url https://opengauss.org/ Medium Vendor pom url https://gitee.com/opengauss/openGauss-connector-jdbc Highest Product file name opengauss-jdbc High Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name opengauss Highest Product pom artifactid opengauss-jdbc Highest Product pom groupid org.opengauss Highest Product pom name openGauss JDBC Driver High Product pom organization name openGauss Low Product pom organization url https://opengauss.org/ Low Product pom url https://gitee.com/opengauss/openGauss-connector-jdbc Medium Version pom version 3.1.0-og Highest
opentelemetry-api-1.31.0.jarDescription:
OpenTelemetry API License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-api/1.31.0/opentelemetry-api-1.31.0.jar
MD5: 61fe8d718407efd06751a37511a8b108
SHA1: bb24a44d73484c681c236aed84fe6c28d17f30e2
SHA256: 7de2c7268850a9c1bae4401cf264febb871d811c6be8e5b3fb2cae52886e8ec1
Referenced In Projects/Scopes: shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-agent-distribution:compile opentelemetry-api-1.31.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name opentelemetry-api High Vendor jar package name api Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.opentelemetry.api Medium Vendor pom artifactid opentelemetry-api Highest Vendor pom artifactid opentelemetry-api Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-api High Product jar package name api Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.opentelemetry.api Medium Product Manifest Implementation-Title all High Product pom artifactid opentelemetry-api Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version file version 1.31.0 High Version Manifest Implementation-Version 1.31.0 High Version pom version 1.31.0 Highest
Related Dependencies opentelemetry-context-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-context/1.31.0/opentelemetry-context-1.31.0.jar MD5: 17ba793f58aa9331f1e3b2a4ad1d11d1 SHA1: b8004737f7a970124e36ac71fde8eb88423e8cee SHA256: 664896a5c34bcda20c95c8f45198a95e8f97a1cd5e5c2923978f42dddada787d pkg:maven/io.opentelemetry/opentelemetry-context@1.31.0 opentelemetry-exporter-common-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-common/1.31.0/opentelemetry-exporter-common-1.31.0.jar MD5: d3baca592d1cfeadeaa29472f79a069f SHA1: b7b4baf5f9af72d5eb8a231dfb114ae31c57150d SHA256: d6b5ea600cfcf2a28598d72db5be79d1df7e6586e72d13d19e03dbd0ae19e2d7 pkg:maven/io.opentelemetry/opentelemetry-exporter-common@1.31.0 opentelemetry-exporter-jaeger-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-jaeger/1.31.0/opentelemetry-exporter-jaeger-1.31.0.jar MD5: d2bf12088b0885b18ebd567d66da807c SHA1: dbabe9c001ba5ae7593df90c583b5360cd3187da SHA256: 975519c288bd9aa00343143c1edc9fe3e268f3adf6730085488876ed7387133f pkg:maven/io.opentelemetry/opentelemetry-exporter-jaeger@1.31.0 opentelemetry-exporter-otlp-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-otlp/1.31.0/opentelemetry-exporter-otlp-1.31.0.jar MD5: fa545c2e9551678acf22d4a25ec92caa SHA1: b6454464425dfd81519070caeca3824558a2f1ae SHA256: fbbc27c414622d024f418f2267f0d4ce747ebeed5e47fef5a22bc9dfb1848a51 pkg:maven/io.opentelemetry/opentelemetry-exporter-otlp@1.31.0 opentelemetry-exporter-otlp-common-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-otlp-common/1.31.0/opentelemetry-exporter-otlp-common-1.31.0.jar MD5: e24e023c40b33b2114a0b549eda24668 SHA1: d8c22b6851bbc3dbf5d2387b9bde158ed5416ba4 SHA256: b13800f949159d7180a88cd19493c0a904f9e4142b1631c27255fecd5f194a01 pkg:maven/io.opentelemetry/opentelemetry-exporter-otlp-common@1.31.0 opentelemetry-exporter-sender-okhttp-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-sender-okhttp/1.31.0/opentelemetry-exporter-sender-okhttp-1.31.0.jar MD5: d18cd1591f800a8874e2810efc32fec1 SHA1: dd209381d58cfe81a989e29c9ca26d97c8dabd7a SHA256: e46f8ebaa40ebbe76fbfacde659f42742ead8d5ae3bdcfb0f25c5b170e6b4594 pkg:maven/io.opentelemetry/opentelemetry-exporter-sender-okhttp@1.31.0 opentelemetry-exporter-zipkin-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-exporter-zipkin/1.31.0/opentelemetry-exporter-zipkin-1.31.0.jar MD5: cf78a5f47beb4e87bd724dfd35272ecd SHA1: eabce38bfb5e47ce494a9d559374b0f52d704056 SHA256: 6e3cd4439c4fcdf55c258cd59a765516a724695a054320525e44f12001cbed85 pkg:maven/io.opentelemetry/opentelemetry-exporter-zipkin@1.31.0 opentelemetry-sdk-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk/1.31.0/opentelemetry-sdk-1.31.0.jar MD5: 16665c80b76a3a26c93077f49a20f9ba SHA1: 2b2093be08a09ac536292bf6cecf8129cc7fb191 SHA256: b25354f3a3027d3007dea126dd920f7ff82130c32bd5d90094931a59a70de569 pkg:maven/io.opentelemetry/opentelemetry-sdk@1.31.0 opentelemetry-sdk-common-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-common/1.31.0/opentelemetry-sdk-common-1.31.0.jar MD5: 6d045b1e3e5f63622e1d301f5efab917 SHA1: f492528288236e097e12fc1c45963dd82c70d33c SHA256: a06bbe896838fd95c1fac5488ca4bc2aeb6a20aaba04fb171aee9e11400639ba pkg:maven/io.opentelemetry/opentelemetry-sdk-common@1.31.0 opentelemetry-sdk-extension-autoconfigure-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-extension-autoconfigure/1.31.0/opentelemetry-sdk-extension-autoconfigure-1.31.0.jar MD5: bbc29137ec5b1c3e2dd6b7503bff243e SHA1: 178efb4a6102afa581307038f609324ed4418025 SHA256: 819a6c5824b01b6f2d2abe590a917a892ee91380778ea4b4673d80f35d9cd902 pkg:maven/io.opentelemetry/opentelemetry-sdk-extension-autoconfigure@1.31.0 opentelemetry-sdk-extension-autoconfigure-spi-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-extension-autoconfigure-spi/1.31.0/opentelemetry-sdk-extension-autoconfigure-spi-1.31.0.jar MD5: ae24dae654d97175c72b752f8c652779 SHA1: 80acc40893fd00b56eee2acd145dbbd560173265 SHA256: e512ca9b23005bf9b8a147487bbbaaf87a8957e642a3330984214ae0dab550fc pkg:maven/io.opentelemetry/opentelemetry-sdk-extension-autoconfigure-spi@1.31.0 opentelemetry-sdk-logs-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-logs/1.31.0/opentelemetry-sdk-logs-1.31.0.jar MD5: 418e9f799c99be3fb591b3cf739d0ed8 SHA1: a63a203d3dc6f8875f8c26b9e3b522dc9a3f6280 SHA256: dab93a074f5a8eae03a7c4984aa90ba0d3f2cc8b015e061b585d820c3d0151d2 pkg:maven/io.opentelemetry/opentelemetry-sdk-logs@1.31.0 opentelemetry-sdk-metrics-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-metrics/1.31.0/opentelemetry-sdk-metrics-1.31.0.jar MD5: c1e78280a4fe266e94daa5a7b68bc0ab SHA1: 47cc23762fae728d68e4fda1dfb71986ae0b8b3e SHA256: 641b2ff8a9871f167f007be87bb0d4d66da5e0e8e1373698b3b08782285e4860 pkg:maven/io.opentelemetry/opentelemetry-sdk-metrics@1.31.0 opentelemetry-sdk-trace-1.31.0.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-trace/1.31.0/opentelemetry-sdk-trace-1.31.0.jar MD5: 395890d991931c195bacd0d97ad0b713 SHA1: a3941197cfb8ae9eb9e482073480c0c3918b746c SHA256: e78062c470400d6d5e0566fd24e1e048c874fa27a555c0d2b36ad0294af85cab pkg:maven/io.opentelemetry/opentelemetry-sdk-trace@1.31.0 opentelemetry-api-events-1.31.0-alpha.jarDescription:
OpenTelemetry Events API License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-api-events/1.31.0-alpha/opentelemetry-api-events-1.31.0-alpha.jar
MD5: f011ae1a6fb137b91def6729d11877bd
SHA1: 537183c5cd8fa7ebf520c0887c4ffb8a450913fe
SHA256: 64637b7b3b0f45ed73e4f008efcb8117d40b4fc1174e9b2d320ec0b2e4657c86
Referenced In Projects/Scopes: shardingsphere-agent-distribution:runtime shardingsphere-agent-tracing-opentelemetry:runtime opentelemetry-api-events-1.31.0-alpha.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/io.opentelemetry/opentelemetry-sdk-extension-autoconfigure@1.31.0 Evidence Type Source Name Value Confidence Vendor file name opentelemetry-api-events High Vendor jar package name api Highest Vendor jar package name events Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.opentelemetry.api.events Medium Vendor pom artifactid opentelemetry-api-events Highest Vendor pom artifactid opentelemetry-api-events Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-api-events High Product jar package name api Highest Product jar package name events Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.opentelemetry.api.events Medium Product Manifest Implementation-Title events High Product pom artifactid opentelemetry-api-events Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version Manifest Implementation-Version 1.31.0-alpha High Version pom version 1.31.0-alpha Highest
Related Dependencies opentelemetry-extension-incubator-1.31.0-alpha.jarFile Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-extension-incubator/1.31.0-alpha/opentelemetry-extension-incubator-1.31.0-alpha.jar MD5: bf6b39452324bc7f08754fe1b915a0f9 SHA1: 6c9f5c063309d92b6dd28bff0667f54b63afd36f SHA256: 098a9596819709ac613ce2d72ea8ef5562fd27694372a59eb4fb4591a6a7fbf8 pkg:maven/io.opentelemetry/opentelemetry-extension-incubator@1.31.0-alpha opentelemetry-sdk-trace-1.31.0.jar (shaded: org.jctools:jctools-core:4.0.1)Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/opentelemetry/opentelemetry-sdk-trace/1.31.0/opentelemetry-sdk-trace-1.31.0.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 7fb9d1854b8d9edeeb390b2f96c20139
SHA1: 36438c3a559a6df49dcae1401fdfca72f4e3d615
SHA256: 5497e5733a07eb6b0fa5eba326f8bc831f96a601fadde388cab58c63d139b45f
Referenced In Projects/Scopes: shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-agent-distribution:compile Evidence Type Source Name Value Confidence Vendor pom artifactid jctools-core Low Vendor pom groupid org.jctools Highest Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom artifactid jctools-core Highest Product pom groupid org.jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom url JCTools High Version pom version 4.0.1 Highest
opentest4j-1.3.0.jarDescription:
Open Test Alliance for the JVM License:
The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256: 48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Projects/Scopes: shardingsphere-test-it-parser:compile shardingsphere-test-util:compile shardingsphere-test-it-yaml:compile opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.2 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.2 pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.2 Evidence Type Source Name Value Confidence Vendor file name opentest4j High Vendor jar package name opentest4j Highest Vendor Manifest build-date 2023-07-06 Low Vendor Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Vendor Manifest build-time 14:25:06.116+0200 Low Vendor Manifest bundle-symbolicname org.opentest4j Medium Vendor Manifest Implementation-Vendor opentest4j.org High Vendor Manifest specification-vendor opentest4j.org Low Vendor pom artifactid opentest4j Highest Vendor pom artifactid opentest4j Low Vendor pom developer email business@johanneslink.net Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email matthias.merdes@heidelpay.com Low Vendor pom developer email sam@sambrannen.com Low Vendor pom developer email stefan.bechtold@me.com Low Vendor pom developer id bechte Medium Vendor pom developer id jlink Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id mmerdes Medium Vendor pom developer id sbrannen Medium Vendor pom developer name Johannes Link Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Matthias Merdes Medium Vendor pom developer name Sam Brannen Medium Vendor pom developer name Stefan Bechtold Medium Vendor pom groupid org.opentest4j Highest Vendor pom name org.opentest4j:opentest4j High Vendor pom url ota4j-team/opentest4j Highest Product file name opentest4j High Product jar package name opentest4j Highest Product Manifest build-date 2023-07-06 Low Product Manifest build-revision 214973bfa4e7e9be7d04e623202cc4147c7036d2 Low Product Manifest build-time 14:25:06.116+0200 Low Product Manifest Bundle-Name opentest4j Medium Product Manifest bundle-symbolicname org.opentest4j Medium Product Manifest Implementation-Title opentest4j High Product Manifest specification-title opentest4j Medium Product pom artifactid opentest4j Highest Product pom developer email business@johanneslink.net Low Product pom developer email mail@marcphilipp.de Low Product pom developer email matthias.merdes@heidelpay.com Low Product pom developer email sam@sambrannen.com Low Product pom developer email stefan.bechtold@me.com Low Product pom developer id bechte Low Product pom developer id jlink Low Product pom developer id marcphilipp Low Product pom developer id mmerdes Low Product pom developer id sbrannen Low Product pom developer name Johannes Link Low Product pom developer name Marc Philipp Low Product pom developer name Matthias Merdes Low Product pom developer name Sam Brannen Low Product pom developer name Stefan Bechtold Low Product pom groupid org.opentest4j Highest Product pom name org.opentest4j:opentest4j High Product pom url ota4j-team/opentest4j High Version file version 1.3.0 High Version Manifest Bundle-Version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High Version pom version 1.3.0 Highest
org.abego.treelayout.core-1.0.3.jarDescription:
Efficient and customizable TreeLayout Algorithm in Java. License:
BSD 3-Clause "New" or "Revised" License (BSD-3-Clause): http://www.abego-software.de/legal/apl-v10.html File Path: /home/runner/.m2/repository/org/abego/treelayout/org.abego.treelayout.core/1.0.3/org.abego.treelayout.core-1.0.3.jar
MD5: 9c8cefab6360a672565370d5311f0f3c
SHA1: 457216e8e6578099ae63667bb1e4439235892028
SHA256: fa5e31395c39c2e7d46aca0f81f72060931607b2fa41bd36038eb2cb6fb93326
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
org.abego.treelayout.core-1.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name org.abego.treelayout.core High Vendor jar package name abego Highest Vendor jar package name treelayout Highest Vendor Manifest bundle-docurl http://abego-software.de Low Vendor Manifest bundle-symbolicname org.abego.treelayout.core Medium Vendor Manifest Implementation-Vendor abego Software GmbH, Germany High Vendor Manifest Implementation-Vendor-Id org.abego.treelayout Medium Vendor Manifest specification-vendor abego Software GmbH, Germany Low Vendor pom artifactid abego.treelayout.core Low Vendor pom artifactid org.abego.treelayout.core Highest Vendor pom developer email ub@abego.org Low Vendor pom developer id ub Medium Vendor pom developer name Udo Borkowski Medium Vendor pom developer org abego Software GmbH, Germany Medium Vendor pom developer org URL http://abego-software.de Medium Vendor pom groupid org.abego.treelayout Highest Vendor pom name abego TreeLayout Core High Vendor pom organization name abego Software GmbH, Germany High Vendor pom organization url http://abego-software.de Medium Vendor pom url http://treelayout.sourceforge.net Highest Product file name org.abego.treelayout.core High Product jar package name abego Highest Product jar package name treelayout Highest Product Manifest bundle-docurl http://abego-software.de Low Product Manifest Bundle-Name abego TreeLayout Core Medium Product Manifest bundle-symbolicname org.abego.treelayout.core Medium Product Manifest Implementation-Title abego TreeLayout Core High Product Manifest specification-title abego TreeLayout Core Medium Product pom artifactid abego.treelayout.core Highest Product pom artifactid org.abego.treelayout.core Highest Product pom developer email ub@abego.org Low Product pom developer id ub Low Product pom developer name Udo Borkowski Low Product pom developer org abego Software GmbH, Germany Low Product pom developer org URL http://abego-software.de Low Product pom groupid org.abego.treelayout Highest Product pom name abego TreeLayout Core High Product pom organization name abego Software GmbH, Germany Low Product pom organization url http://abego-software.de Low Product pom url http://treelayout.sourceforge.net Medium Version file version 1.0.3 High Version Manifest Bundle-Version 1.0.3 High Version Manifest Implementation-Version 1.0.3 High Version pom version 1.0.3 Highest
org.apache.shardingsphere:shardingsphere-agent-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-distribution shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-agent-tracing-core shardingsphere-test-e2e-transaction shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-core shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline org.apache.shardingsphere:shardingsphere-agent-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-distribution shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline org.apache.shardingsphere:shardingsphere-agent-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-logging-file:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/logging/type/file/pom.xml
Referenced In Project/Scope: shardingsphere-agent-distribution
org.apache.shardingsphere:shardingsphere-agent-logging-file:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-logging-file Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-logging-file Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-metrics-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/metrics/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-distribution shardingsphere-agent-metrics-prometheus org.apache.shardingsphere:shardingsphere-agent-metrics-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-metrics-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-metrics-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-metrics-prometheus:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/metrics/type/prometheus/pom.xml
Referenced In Project/Scope: shardingsphere-agent-distribution
org.apache.shardingsphere:shardingsphere-agent-metrics-prometheus:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-metrics-prometheus Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-metrics-prometheus Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-plugin-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-plugin-tracing shardingsphere-agent-tracing-opentelemetry shardingsphere-agent-logging-type shardingsphere-agent-tracing-type shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-agent-plugin-metrics shardingsphere-agent-tracing-core shardingsphere-agent-logging-file shardingsphere-agent-metrics-type shardingsphere-agent-plugin-logging org.apache.shardingsphere:shardingsphere-agent-plugin-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-plugin-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-plugin-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-tracing-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/tracing/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-distribution shardingsphere-agent-tracing-opentelemetry shardingsphere-agent-tracing-type org.apache.shardingsphere:shardingsphere-agent-tracing-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-tracing-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-tracing-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-agent-tracing-opentelemetry:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/agent/plugins/tracing/type/opentelemetry/pom.xml
Referenced In Project/Scope: shardingsphere-agent-distribution
org.apache.shardingsphere:shardingsphere-agent-tracing-opentelemetry:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-distribution@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-agent-tracing-opentelemetry Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-agent-tracing-opentelemetry Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-authority-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-authority-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-authority-database:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-authority-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/authority/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-authority-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-authority-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-authority-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-authority-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/authority/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-authority-distsql-handler shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-authority-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-authority-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-authority-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-authority-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-authority-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/authority/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-authority-distsql-parser shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-authority-distsql-handler shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-authority-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-authority-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-authority-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-authority-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-authority-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-authority-simple:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-broadcast-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/broadcast/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-broadcast-core shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-broadcast-distsql-handler shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-broadcast-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-broadcast-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-broadcast-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-broadcast-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/broadcast/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-broadcast-distsql-handler shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-broadcast-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-broadcast-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-broadcast-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-broadcast-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/broadcast/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-broadcast-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-broadcast-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-broadcast-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-broadcast-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/broadcast/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-broadcast-distsql-handler shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-broadcast-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-broadcast-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-broadcast-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-broadcast-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/broadcast/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-broadcast-distsql-parser shardingsphere-proxy-bootstrap shardingsphere-broadcast-distsql-handler shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-broadcast-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-broadcast-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-broadcast-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-cluster-mode-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-cluster-mode-repository-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-cluster-mode-repository-etcd:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/mode/type/cluster/repository/provider/etcd/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-cluster-mode-repository-etcd:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-cluster-mode-repository-etcd Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-cluster-mode-repository-etcd Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-cluster-mode-repository-zookeeper:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/mode/type/cluster/repository/provider/zookeeper/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-data-pipeline-postgresql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-data-pipeline-opengauss shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-cdc-core shardingsphere-data-pipeline-mysql shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-cluster-mode-repository-zookeeper:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-cluster-mode-repository-zookeeper Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-cluster-mode-repository-zookeeper Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-data-pipeline-postgresql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-data-pipeline-opengauss shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-cdc-core shardingsphere-data-pipeline-mysql shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-client:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/scenario/cdc/client/pom.xml
Referenced In Project/Scope: shardingsphere-test-e2e-pipeline
org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-client:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-cdc-client Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-cdc-client Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/scenario/cdc/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-cdc-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-cdc-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-protocol:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/scenario/cdc/protocol/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-data-pipeline-cdc-client shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-cdc-core shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-cdc-protocol:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-client@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-cdc-protocol Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-cdc-protocol Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-data-pipeline-postgresql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-data-pipeline-opengauss shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-cdc-core shardingsphere-data-pipeline-mysql shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-data-pipeline-distsql-parser shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-data-pipeline-scenario-migration shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-mysql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/dialect/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-mysql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-mysql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-mysql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-opengauss:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/dialect/opengauss/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-opengauss:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-opengauss Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-opengauss Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-postgresql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/dialect/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-data-pipeline-opengauss shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-postgresql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-postgresql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-postgresql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-scenario-consistencycheck:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/scenario/consistencycheck/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-scenario-consistencycheck:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-scenario-consistencycheck Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-scenario-consistencycheck Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-data-pipeline-scenario-migration:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/data-pipeline/scenario/migration/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-data-pipeline-scenario-migration:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-data-pipeline-scenario-migration Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-data-pipeline-scenario-migration Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-database-time-service:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/time-service/type/database/pom.xml
Referenced In Project/Scope: shardingsphere-jdbc-distribution
org.apache.shardingsphere:shardingsphere-database-time-service:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-database-time-service Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-database-time-service Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-db-protocol-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/db-protocol/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-mysql shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-postgresql-protocol shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-mysql-protocol shardingsphere-opengauss-protocol shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-db-protocol-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-opengauss-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mysql-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-postgresql-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-db-protocol-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-db-protocol-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-encrypt-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/encrypt/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-encrypt-core shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-encrypt-distsql-handler shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-encrypt-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-encrypt-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-encrypt-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-encrypt-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/encrypt/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-encrypt-distsql-handler shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-encrypt-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-encrypt-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-encrypt-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-encrypt-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/encrypt/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-encrypt-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-encrypt-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-encrypt-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-encrypt-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/encrypt/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-encrypt-distsql-handler shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-encrypt-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-encrypt-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-encrypt-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-encrypt-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/encrypt/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-encrypt-distsql-parser shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-encrypt-distsql-handler shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-encrypt-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-encrypt-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-encrypt-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-global-clock-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-global-clock-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-global-clock-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-global-clock-distsql-handler shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-global-clock-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-global-clock-distsql-handler shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-global-clock-distsql-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-global-clock-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-tso-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/type/tso/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-global-clock-tso-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-tso-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-tso-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-tso-provider-redis:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/type/tso/provider/redis/pom.xml
Referenced In Project/Scope: shardingsphere-global-clock-tso-core
org.apache.shardingsphere:shardingsphere-global-clock-tso-provider-redis:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-tso-core@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-tso-provider-redis Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-tso-provider-redis Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-global-clock-tso-spi:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/global-clock/type/tso/spi/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-global-clock-tso-provider-redis shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-global-clock-tso-core shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-global-clock-tso-spi:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-tso-provider-redis@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-tso-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-global-clock-tso-spi Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-global-clock-tso-spi Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-algorithm-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-key-generator-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-key-generator-snowflake:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-key-generator-uuid:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-random:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/algorithm/load-balancer/type/random/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-readwrite-splitting-core shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-random:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-algorithm-load-balancer-random Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-algorithm-load-balancer-random Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-round-robin:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/algorithm/load-balancer/type/round-robin/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-readwrite-splitting-core shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-round-robin:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-algorithm-load-balancer-round-robin Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-algorithm-load-balancer-round-robin Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-weight:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/algorithm/load-balancer/type/weight/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-readwrite-splitting-core shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-algorithm-load-balancer-weight:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-algorithm-load-balancer-weight Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-algorithm-load-balancer-weight Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-algorithm-message-digest-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-algorithm-message-digest-md5:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-binder:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-common:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-context:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-data-source-pool-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-data-source-pool-hikari:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-clickhouse:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-doris:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/database/type/doris/pom.xml
Referenced In Project/Scope: shardingsphere-parser-sql-doris
org.apache.shardingsphere:shardingsphere-infra-database-doris:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-parser-sql-doris@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-database-doris Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-database-doris Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-database-h2:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-hive:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/database/type/hive/pom.xml
Referenced In Project/Scope: shardingsphere-parser-sql-hive
org.apache.shardingsphere:shardingsphere-infra-database-hive:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-parser-sql-hive@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-database-hive Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-database-hive Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-database-mariadb:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-mysql:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-opengauss:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-oracle:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-p6spy:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-postgresql:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-presto:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/database/type/presto/pom.xml
Referenced In Project/Scope: shardingsphere-parser-sql-presto
org.apache.shardingsphere:shardingsphere-infra-database-presto:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-parser-sql-presto@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-database-presto Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-database-presto Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-database-sql92:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-database-sqlserver:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/distsql-handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-sql-parser-distsql-handler shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-transaction-distsql-handler shardingsphere-sql-federation-distsql-handler shardingsphere-proxy-backend-postgresql shardingsphere-proxy-bootstrap shardingsphere-broadcast-distsql-handler shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-global-clock-distsql-handler shardingsphere-sql-translator-distsql-handler shardingsphere-agent-plugins shardingsphere-single-distsql-handler shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-shadow-distsql-handler shardingsphere-sharding-distsql-handler shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-authority-distsql-handler shardingsphere-mask-distsql-handler shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-encrypt-distsql-handler shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sharding-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-encrypt-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-global-clock-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-translator-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-parser-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-single-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-broadcast-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-authority-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-exception-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-exception-dialect-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-executor:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-expr-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-expr-groovy:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-expr-interval:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-expr-literal:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-expr-spi:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-merge:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-parser:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-reachability-metadata:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/reachability-metadata/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-reachability-metadata:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-reachability-metadata Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-reachability-metadata Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-rewrite:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-route:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-session:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-spi:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-url-absolutepath:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/url/type/absolutepath/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-url-absolutepath:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-url-absolutepath Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-url-absolutepath Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-url-classpath:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/url/type/classpath/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-url-classpath:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-url-classpath Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-url-classpath Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-url-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/url/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-infra-url-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-infra-url-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-infra-url-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-infra-url-spi:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-infra-util:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-jdbc:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/jdbc/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-jdbc:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-jdbc Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-jdbc Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-logging-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/logging/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-logging-core shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-logging-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-logging-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-logging-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-logging-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-logging-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/logging/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-logging-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-logging-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-logging-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mask-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/mask/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-mask-core shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-mask-distsql-handler shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mask-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mask-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mask-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mask-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/mask/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-mask-distsql-handler shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mask-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mask-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mask-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mask-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/mask/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mask-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mask-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mask-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mask-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/mask/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-mask-distsql-handler shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mask-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mask-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mask-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mask-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/mask/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-mask-distsql-parser shardingsphere-mask-distsql-handler shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mask-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mask-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mask-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mask-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-metadata-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-mode-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-mode-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-mysql-dialect-exception:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/exception/dialect/type/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-data-pipeline-mysql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-mysql-protocol shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mysql-dialect-exception:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-mysql-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mysql-dialect-exception Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mysql-dialect-exception Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-mysql-protocol:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/db-protocol/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-data-pipeline-mysql shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-mysql-protocol:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-mysql-protocol Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-mysql-protocol Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-opengauss-protocol:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/db-protocol/opengauss/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-opengauss-protocol:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-opengauss-protocol Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-opengauss-protocol Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-distsql-engine:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-distsql-statement:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-engine:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-mysql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-mysql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-mysql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-mysql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-opengauss:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/opengauss/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-opengauss:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-opengauss Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-opengauss Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-oracle:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/oracle/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-oracle:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-oracle Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-oracle Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-postgresql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-postgresql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-postgresql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-postgresql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-spi:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-sql92:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/sql92/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-sql92:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-sql92 Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-sql92 Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-sqlserver:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/parser/sql/dialect/sqlserver/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-parser-sql-sqlserver:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-parser-sql-sqlserver Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-parser-sql-sqlserver Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-parser-sql-statement-clickhouse:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-doris:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-hive:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-mysql:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-opengauss:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-oracle:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-postgresql:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-presto:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-sql92:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-parser-sql-statement-sqlserver:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-postgresql-dialect-exception:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/infra/exception/dialect/type/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-postgresql-protocol shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-opengauss-protocol shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-postgresql-dialect-exception:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-opengauss-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-postgresql-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-postgresql-dialect-exception Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-postgresql-dialect-exception Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-postgresql-protocol:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/db-protocol/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-opengauss-protocol shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-postgresql-protocol:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-opengauss-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-postgresql-protocol Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-postgresql-protocol Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-backend-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/backend/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-proxy-backend-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-backend-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-backend-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-backend-mysql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/backend/type/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-mysql shardingsphere-proxy-frontend-core shardingsphere-agent-tracing-core shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-backend-mysql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-backend-mysql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-backend-mysql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-backend-opengauss:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/backend/type/opengauss/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-mysql shardingsphere-proxy-frontend-core shardingsphere-agent-tracing-core shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-backend-opengauss:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-backend-opengauss Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-backend-opengauss Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-backend-postgresql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/backend/type/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-e2e-transaction shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-proxy-backend-postgresql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-backend-postgresql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-backend-postgresql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-bootstrap:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/bootstrap/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-bootstrap:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-bootstrap Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-bootstrap Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-frontend-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/frontend/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-frontend-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-frontend-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-frontend-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-frontend-mysql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/frontend/type/mysql/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-frontend-mysql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-frontend-mysql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-frontend-mysql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-frontend-opengauss:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/frontend/type/opengauss/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-frontend-opengauss:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-frontend-opengauss Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-frontend-opengauss Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-frontend-postgresql:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/frontend/type/postgresql/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-frontend-postgresql:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-frontend-postgresql Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-frontend-postgresql Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-proxy-frontend-spi:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/proxy/frontend/spi/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-mysql shardingsphere-proxy-frontend-core shardingsphere-agent-tracing-core shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution org.apache.shardingsphere:shardingsphere-proxy-frontend-spi:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-proxy-frontend-spi Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-proxy-frontend-spi Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-readwrite-splitting-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/readwrite-splitting/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-readwrite-splitting-core shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-readwrite-splitting-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-readwrite-splitting-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-readwrite-splitting-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-readwrite-splitting-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/readwrite-splitting/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-readwrite-splitting-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-readwrite-splitting-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-readwrite-splitting-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/readwrite-splitting/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-readwrite-splitting-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-readwrite-splitting-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/readwrite-splitting/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-readwrite-splitting-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-readwrite-splitting-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/readwrite-splitting/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-readwrite-splitting-distsql-handler shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-readwrite-splitting-distsql-parser shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-readwrite-splitting-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-readwrite-splitting-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-readwrite-splitting-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-readwrite-splitting-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-schedule-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/schedule/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-schedule-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-schedule-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-schedule-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-shadow-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/shadow/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-shadow-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-shadow-distsql-handler shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-shadow-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-shadow-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-shadow-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-shadow-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/shadow/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-shadow-distsql-handler shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-shadow-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-shadow-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-shadow-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-shadow-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/shadow/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-shadow-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-shadow-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-shadow-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-shadow-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/shadow/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-shadow-distsql-handler shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-shadow-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-shadow-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-shadow-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-shadow-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/shadow/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-shadow-distsql-handler shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-shadow-distsql-parser shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-shadow-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-shadow-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-shadow-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-shadow-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sharding-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sharding-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/sharding/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-data-pipeline-mysql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-sharding-distsql-handler shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sharding-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sharding-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sharding-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sharding-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sharding-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/sharding/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sharding-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sharding-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sharding-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sharding-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/sharding/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-sharding-distsql-handler shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sharding-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sharding-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sharding-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sharding-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sharding-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/features/sharding/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-sharding-distsql-handler shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-sharding-distsql-parser shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sharding-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sharding-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sharding-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sharding-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sharding-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-single-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-single-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-single-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/single/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-single-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-single-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-single-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-single-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/single/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-single-distsql-handler shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-single-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-single-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-single-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-single-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-single-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/single/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-single-distsql-handler shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-single-distsql-parser shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-single-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-single-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-single-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-single-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-single-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-federation-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-federation-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-federation/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-sql-federation-distsql-handler shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-federation-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-federation-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-federation-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-federation-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-federation/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-federation-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-federation-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-federation-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-federation-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-federation/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-sql-federation-distsql-handler shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-federation-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-federation-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-federation-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-federation-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-federation/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-sql-federation-distsql-handler shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-sql-federation-distsql-parser shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-federation-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-federation-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-federation-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-federation-executor:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-federation-optimizer:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-parser-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-parser-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-parser-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-parser/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-parser-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-parser-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-parser-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-parser-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-parser/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-sql-parser-distsql-handler shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-parser-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-parser-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-parser-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-parser-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-parser-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-parser/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-sql-parser-distsql-handler shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-sql-parser-distsql-parser shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-parser-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-parser-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-parser-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-parser-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-parser-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-translator-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-translator-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-sql-translator-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-translator/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-translator-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-translator-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-translator-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-translator-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-translator/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-sql-translator-distsql-handler shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-translator-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-translator-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-translator-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-translator-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-translator-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/sql-translator/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-sql-translator-distsql-handler shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-sql-translator-distsql-parser shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-sql-translator-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-translator-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-sql-translator-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-sql-translator-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-sql-translator-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-sql-translator-native-provider:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-standalone-mode-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/mode/type/standalone/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-standalone-mode-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-standalone-mode-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-standalone-mode-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-standalone-mode-repository-api:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/mode/type/standalone/repository/api/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-standalone-mode-repository-jdbc shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-standalone-mode-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-standalone-mode-repository-api:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-standalone-mode-repository-api Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-standalone-mode-repository-api Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-standalone-mode-repository-jdbc:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/mode/type/standalone/repository/provider/jdbc/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-jdbc-distribution shardingsphere-agent-metrics-core shardingsphere-data-pipeline-distsql-handler shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-agent-plugin-logging shardingsphere-agent-plugin-tracing shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-jdbc shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-test-it-pipeline shardingsphere-proxy-backend-postgresql shardingsphere-data-pipeline-opengauss shardingsphere-test-e2e-driver shardingsphere-proxy-bootstrap shardingsphere-data-pipeline-cdc-core shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-proxy-frontend-core shardingsphere-data-pipeline-core shardingsphere-data-pipeline-scenario-migration shardingsphere-proxy-native-distribution shardingsphere-test-e2e-fixture shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-data-pipeline-scenario-consistencycheck shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugins shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-data-pipeline-postgresql shardingsphere-proxy-backend-core shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-jdbc-project shardingsphere-proxy-frontend-postgresql shardingsphere-agent-plugin-metrics shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-standalone-mode-repository-jdbc:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-cdc-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-driver@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-migration@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-jdbc-project@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-standalone-mode-repository-jdbc Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-standalone-mode-repository-jdbc Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-system-time-service:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-test-e2e-agent-plugins-common:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/test/e2e/agent/plugins/common/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-logging-file org.apache.shardingsphere:shardingsphere-test-e2e-agent-plugins-common:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-test-e2e-agent-plugins-common Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-test-e2e-agent-plugins-common Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-test-e2e-env:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/test/e2e/env/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-transaction shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-pipeline org.apache.shardingsphere:shardingsphere-test-e2e-env:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-test-e2e-env Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-test-e2e-env Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-test-e2e-fixture:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/test/e2e/fixture/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-transaction shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-pipeline org.apache.shardingsphere:shardingsphere-test-e2e-fixture:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-test-e2e-fixture Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-test-e2e-fixture Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-test-it-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/test/it/parser/pom.xml
Referenced In Project/Scope: shardingsphere-test-it-optimizer
org.apache.shardingsphere:shardingsphere-test-it-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-test-it-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-test-it-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-test-util:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/test/util/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-it-parser shardingsphere-test-it-optimizer org.apache.shardingsphere:shardingsphere-test-util:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-test-util Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-test-util Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-time-service-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-time-service-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-transaction-api:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-transaction-base-seata-at:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/type/base/seata-at/pom.xml
Referenced In Project/Scope: shardingsphere-jdbc-distribution
org.apache.shardingsphere:shardingsphere-transaction-base-seata-at:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-base-seata-at Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-base-seata-at Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-core:5.5.1-SNAPSHOT org.apache.shardingsphere:shardingsphere-transaction-distsql-handler:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/distsql/handler/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-distsql-handler:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-distsql-handler Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-distsql-handler Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-distsql-parser:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/distsql/parser/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-transaction-distsql-handler shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-distsql-parser:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-distsql-parser Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-distsql-parser Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-distsql-statement:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/distsql/statement/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-transaction-distsql-handler shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-transaction-distsql-parser shardingsphere-test-it-optimizer shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-test-it-parser shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-distsql-statement:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-distsql-handler@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-it-optimizer@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-distsql-parser@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-distsql-statement Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-distsql-statement Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-xa-atomikos:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/type/xa/provider/atomikos/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-transaction-xa-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-xa-atomikos:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-xa-atomikos Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-xa-atomikos Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-xa-core:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/type/xa/core/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-xa-core:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-xa-core Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-xa-core Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-xa-narayana:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/type/xa/provider/narayana/pom.xml
Referenced In Projects/Scopes: shardingsphere-test-e2e-transaction shardingsphere-test-e2e-fixture shardingsphere-jdbc-distribution shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-sql shardingsphere-test-e2e-showprocesslist shardingsphere-test-e2e-pipeline org.apache.shardingsphere:shardingsphere-transaction-xa-narayana:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-xa-narayana Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-xa-narayana Highest Product project groupid org.apache.shardingsphere Low
org.apache.shardingsphere:shardingsphere-transaction-xa-spi:5.5.1-SNAPSHOTDescription:
Build criterion and ecosystem above multi-model databases License:
Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/shardingsphere-doc/shardingsphere-doc/shardingsphere/kernel/transaction/type/xa/spi/pom.xml
Referenced In Projects/Scopes: shardingsphere-agent-logging-type shardingsphere-test-e2e-fixture shardingsphere-proxy-frontend-opengauss shardingsphere-proxy-distribution shardingsphere-agent-plugin-core shardingsphere-jdbc-distribution shardingsphere-agent-metrics-prometheus shardingsphere-agent-metrics-core shardingsphere-test-e2e-agent-plugins-metrics-prometheus shardingsphere-test-e2e-agent-plugins-common shardingsphere-agent-logging-file shardingsphere-test-e2e-agent-plugins-logging-file shardingsphere-agent-plugin-logging shardingsphere-agent-plugins shardingsphere-agent-plugin-tracing shardingsphere-proxy-frontend-spi shardingsphere-agent-tracing-opentelemetry shardingsphere-test-e2e-sql shardingsphere-proxy-backend-mysql shardingsphere-proxy-frontend-mysql shardingsphere-agent-tracing-core shardingsphere-proxy-backend-core shardingsphere-transaction-xa-core shardingsphere-transaction-xa-narayana shardingsphere-proxy-backend-postgresql shardingsphere-test-e2e-transaction shardingsphere-transaction-xa-atomikos shardingsphere-proxy-backend-hbase shardingsphere-proxy-bootstrap shardingsphere-test-e2e-agent-plugins-jaeger shardingsphere-proxy-frontend-postgresql shardingsphere-test-e2e-agent-plugins-zipkin shardingsphere-test-e2e-env shardingsphere-test-e2e-showprocesslist shardingsphere-agent-tracing-type shardingsphere-agent-plugin-metrics shardingsphere-proxy-frontend-core shardingsphere-agent-metrics-type shardingsphere-test-e2e-pipeline shardingsphere-proxy-native-distribution shardingsphere-proxy-backend-opengauss org.apache.shardingsphere:shardingsphere-transaction-xa-spi:5.5.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-showprocesslist@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-type@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-metrics@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-logging@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-sql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugins@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-opengauss@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-jaeger@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-tracing@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-narayana@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-zipkin@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-plugin-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-pipeline@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-logging-file@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-spi@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-hbase@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid shardingsphere-transaction-xa-spi Low Vendor project groupid org.apache.shardingsphere Highest Product file name pom High Product project artifactid shardingsphere-transaction-xa-spi Highest Product project groupid org.apache.shardingsphere Low
osgi-resource-locator-1.0.1.jarDescription:
See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information License:
https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256: 775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
osgi-resource-locator-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name osgi-resource-locator High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor pom artifactid osgi-resource-locator Highest Vendor pom artifactid osgi-resource-locator Low Vendor pom developer id ss141213 Medium Vendor pom developer name Sahoo Medium Vendor pom developer org Sun Microsystems, Inc. Medium Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Vendor pom parent-artifactid pom Low Vendor pom parent-groupid org.glassfish Medium Product file name osgi-resource-locator High Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. Medium Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product pom artifactid osgi-resource-locator Highest Product pom developer id ss141213 Low Product pom developer name Sahoo Low Product pom developer org Sun Microsystems, Inc. Low Product pom groupid org.glassfish.hk2 Highest Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Product pom parent-artifactid pom Medium Product pom parent-groupid org.glassfish Medium Version file version 1.0.1 High Version Manifest Bundle-Version 1.0.1 High Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
paranamer-2.7.jarDescription:
Paranamer allows runtime access to constructor and method parameter names for Java classes License:
LICENSE.txt File Path: /home/runner/.m2/repository/com/thoughtworks/paranamer/paranamer/2.7/paranamer-2.7.jar
MD5: 5707a297363249fffe38e8189cd6f9cb
SHA1: 3ed64c69e882a324a75e890024c32a28aff0ade8
SHA256: 63e3f53f8f70784b65c25b2ee475813979d6d0e7f7b2510b364c4e1f4a803ccc
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
paranamer-2.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name paranamer High Vendor jar package name paranamer Highest Vendor jar package name thoughtworks Highest Vendor Manifest bundle-symbolicname com.thoughtworks.paranamer Medium Vendor pom artifactid paranamer Highest Vendor pom artifactid paranamer Low Vendor pom groupid com.thoughtworks.paranamer Highest Vendor pom name ParaNamer Core High Vendor pom parent-artifactid paranamer-parent Low Product file name paranamer High Product jar package name paranamer Highest Product jar package name thoughtworks Highest Product Manifest Bundle-Name ParaNamer Core Medium Product Manifest bundle-symbolicname com.thoughtworks.paranamer Medium Product pom artifactid paranamer Highest Product pom groupid com.thoughtworks.paranamer Highest Product pom name ParaNamer Core High Product pom parent-artifactid paranamer-parent Medium Version file version 2.7 High Version pom version 2.7 Highest
perfmark-api-0.26.0.jarDescription:
PerfMark API License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /home/runner/.m2/repository/io/perfmark/perfmark-api/0.26.0/perfmark-api-0.26.0.jar
MD5: e80301eb310a53b2047e30db7964bce1
SHA1: ef65452adaf20bf7d12ef55913aba24037b82738
SHA256: b7d23e93a34537ce332708269a0d1404788a5b5e1949e82f5535fce51b3ea95b
Referenced In Projects/Scopes: shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-agent-plugins-zipkin:runtime shardingsphere-agent-metrics-core:provided shardingsphere-test-e2e-agent-plugins-metrics-prometheus:runtime shardingsphere-test-e2e-env:runtime shardingsphere-test-e2e-pipeline:runtime shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-showprocesslist:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-jdbc-distribution:runtime shardingsphere-proxy-bootstrap:runtime shardingsphere-test-e2e-agent-plugins-jaeger:runtime shardingsphere-test-e2e-transaction:runtime shardingsphere-cluster-mode-repository-etcd:runtime shardingsphere-test-e2e-agent-plugins-common:runtime shardingsphere-test-e2e-sql:runtime shardingsphere-test-e2e-agent-plugins-logging-file:runtime shardingsphere-proxy-distribution:runtime perfmark-api-0.26.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name perfmark-api High Vendor jar package name io Highest Vendor jar package name perfmark Highest Vendor Manifest automatic-module-name io.perfmark Medium Vendor Manifest carl-is-awesome true Low Vendor Manifest implementation-url https://www.perfmark.io/ Low Vendor Manifest Implementation-Vendor Carl Mastrangelo High Vendor pom artifactid perfmark-api Highest Vendor pom artifactid perfmark-api Low Vendor pom developer email carl@carlmastrangelo.com Low Vendor pom developer id carl-mastrangelo Medium Vendor pom developer name Carl Mastrangelo Medium Vendor pom groupid io.perfmark Highest Vendor pom name perfmark:perfmark-api High Vendor pom url perfmark/perfmark Highest Product file name perfmark-api High Product jar package name io Highest Product jar package name perfmark Highest Product Manifest automatic-module-name io.perfmark Medium Product Manifest carl-is-awesome true Low Product Manifest Implementation-Title PerfMark High Product Manifest implementation-url https://www.perfmark.io/ Low Product pom artifactid perfmark-api Highest Product pom developer email carl@carlmastrangelo.com Low Product pom developer id carl-mastrangelo Low Product pom developer name Carl Mastrangelo Low Product pom groupid io.perfmark Highest Product pom name perfmark:perfmark-api High Product pom url perfmark/perfmark High Version file version 0.26.0 High Version Manifest Implementation-Version 0.26.0 High Version pom version 0.26.0 Highest
postgresql-42.7.2.jarDescription:
PostgreSQL JDBC Driver Postgresql License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/runner/.m2/repository/org/postgresql/postgresql/42.7.2/postgresql-42.7.2.jar
MD5: bb897217989c97a463d8f571069d158a
SHA1: 86ed42574cd68662b05d3b00432a34e9a34cb12c
SHA256: 0c244ac7d02cf89d8e29852eace6595d75bc4d78581b85b2768460081646a57b
Referenced In Projects/Scopes: shardingsphere-proxy-native-distribution:runtime shardingsphere-test-e2e-fixture:runtime shardingsphere-proxy-frontend-postgresql:provided shardingsphere-data-pipeline-postgresql:provided shardingsphere-proxy-bootstrap:runtime shardingsphere-postgresql-protocol:compile shardingsphere-proxy-distribution:runtime shardingsphere-postgresql-dialect-exception:provided postgresql-42.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-postgresql-dialect-exception@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-native-distribution@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-postgresql-protocol@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name postgresql High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name postgresql Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid postgresql Highest Vendor pom artifactid postgresql Low Vendor pom developer id bokken Medium Vendor pom developer id davecramer Medium Vendor pom developer id jurka Medium Vendor pom developer id oliver Medium Vendor pom developer id ringerc Medium Vendor pom developer id vlsi Medium Vendor pom developer name Brett Okken Medium Vendor pom developer name Craig Ringer Medium Vendor pom developer name Dave Cramer Medium Vendor pom developer name Kris Jurka Medium Vendor pom developer name Oliver Jowett Medium Vendor pom developer name Vladimir Sitnikov Medium Vendor pom groupid org.postgresql Highest Vendor pom name PostgreSQL JDBC Driver High Vendor pom organization name PostgreSQL Global Development Group High Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom url https://jdbc.postgresql.org Highest Product file name postgresql High Product hint analyzer product pgjdbc Highest Product hint analyzer product postgresql_jdbc_driver Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name osgi Highest Product jar package name postgresql Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Product Manifest specification-title JDBC Medium Product pom artifactid postgresql Highest Product pom developer id bokken Low Product pom developer id davecramer Low Product pom developer id jurka Low Product pom developer id oliver Low Product pom developer id ringerc Low Product pom developer id vlsi Low Product pom developer name Brett Okken Low Product pom developer name Craig Ringer Low Product pom developer name Dave Cramer Low Product pom developer name Kris Jurka Low Product pom developer name Oliver Jowett Low Product pom developer name Vladimir Sitnikov Low Product pom groupid org.postgresql Highest Product pom name PostgreSQL JDBC Driver High Product pom organization name PostgreSQL Global Development Group Low Product pom organization url https://jdbc.postgresql.org/ Low Product pom url https://jdbc.postgresql.org Medium Version file version 42.7.2 High Version Manifest Bundle-Version 42.7.2 High Version Manifest Implementation-Version 42.7.2 High Version pom version 42.7.2 Highest
presto-jdbc-0.282.jarFile Path: /home/runner/.m2/repository/com/facebook/presto/presto-jdbc/0.282/presto-jdbc-0.282.jarMD5: c96a0da98580dac9721fe7e0a4baa6c4SHA1: 5b9f9309e1604f3e91e3445582d14d35bee94241SHA256: b37280970b2fc7d857b463b1beb74e94b891e71eaca2c5ce36865db932f3a81fReferenced In Project/Scope: shardingsphere-infra-database-presto:runtimepresto-jdbc-0.282.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-infra-database-presto@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name presto-jdbc High Vendor jar package name facebook Highest Vendor jar package name jdbc Highest Vendor jar package name presto Highest Vendor Manifest build-time 2023-06-10T05:21:01+0000 Low Vendor Manifest git-commit-id e1f2c2288d807c04b0ce8e50d5cb142102f01d96 Low Vendor Manifest Implementation-Vendor-Id com.facebook.presto Medium Vendor pom artifactid presto-jdbc Highest Vendor pom artifactid presto-jdbc Low Vendor pom groupid com.facebook.presto Highest Vendor pom name presto-jdbc High Vendor pom parent-artifactid presto-root Low Product file name presto-jdbc High Product jar package name facebook Highest Product jar package name jdbc Highest Product jar package name presto Highest Product Manifest build-time 2023-06-10T05:21:01+0000 Low Product Manifest git-commit-id e1f2c2288d807c04b0ce8e50d5cb142102f01d96 Low Product Manifest Implementation-Title presto-jdbc High Product Manifest specification-title presto-jdbc Medium Product pom artifactid presto-jdbc Highest Product pom groupid com.facebook.presto Highest Product pom name presto-jdbc High Product pom parent-artifactid presto-root Medium Version file version 0.282 High Version pom version 0.282 Highest
proj4j-1.2.2.jar proto-google-common-protos-2.22.0.jarDescription:
PROTO library for proto-google-common-protos License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/api/grpc/proto-google-common-protos/2.22.0/proto-google-common-protos-2.22.0.jar
MD5: 1e220467fe6d7016b8dbf2e2cef36582
SHA1: 627126f6a05085dab0caba68dcdad118512975ef
SHA256: 002eebc53d27e4fb2e8cf823ea1f3565b90c4b0b4380ff508bf61bd42f2be0d3
Referenced In Projects/Scopes: shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-test-e2e-sql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-cluster-mode-repository-etcd:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-jdbc-distribution:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-proxy-bootstrap:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile proto-google-common-protos-2.22.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/io.etcd/jetcd-core@0.7.7 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-cluster-mode-repository-etcd@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name proto-google-common-protos High Vendor jar package name api Highest Vendor jar package name google Highest Vendor Manifest artifactid proto-google-common-protos Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid proto-google-common-protos Highest Vendor pom artifactid proto-google-common-protos Low Vendor pom developer email chingor@google.com Low Vendor pom developer id chingor Medium Vendor pom developer name Jeff Ching Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.api.grpc Highest Vendor pom name proto-google-common-protos High Vendor pom organization name Google LLC High Vendor pom url googleapis/sdk-platform-java Highest Product file name proto-google-common-protos High Product jar package name api Highest Product jar package name google Highest Product Manifest artifactid proto-google-common-protos Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title proto-google-common-protos High Product Manifest specification-title proto-google-common-protos Medium Product pom artifactid proto-google-common-protos Highest Product pom developer email chingor@google.com Low Product pom developer id chingor Low Product pom developer name Jeff Ching Low Product pom developer org Google Low Product pom groupid com.google.api.grpc Highest Product pom name proto-google-common-protos High Product pom organization name Google LLC Low Product pom url googleapis/sdk-platform-java High Version file version 2.22.0 High Version Manifest Implementation-Version 2.22.0 High Version Manifest version 2.22.0 Medium Version pom version 2.22.0 Highest
protobuf-java-3.21.12.jar quartz-2.3.2.jarDescription:
Enterprise Job Scheduler License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0 File Path: /home/runner/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256: 639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Projects/Scopes: shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-data-pipeline-cdc-core:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-agent-logging-file:provided shardingsphere-data-pipeline-mysql:compile shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-data-pipeline-core:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-schedule-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile quartz-2.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-schedule-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere.elasticjob/elasticjob-lite-core@3.0.4 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name quartz High Vendor hint analyzer vendor softwareag Highest Vendor jar package name job Highest Vendor jar package name quartz Highest Vendor jar package name scheduler Highest Vendor Manifest bundle-docurl http://www.terracotta.org Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Vendor Manifest terracotta-name quartz Medium Vendor Manifest terracotta-projectstatus Supported Low Vendor pom artifactid quartz Highest Vendor pom artifactid quartz Low Vendor pom groupid org.quartz-scheduler Highest Vendor pom name quartz High Vendor pom parent-artifactid quartz-parent Low Product file name quartz High Product jar package name job Highest Product jar package name quartz Highest Product jar package name scheduler Highest Product jar package name terracotta Highest Product Manifest bundle-docurl http://www.terracotta.org Low Product Manifest Bundle-Name quartz Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Product Manifest terracotta-name quartz Medium Product Manifest terracotta-projectstatus Supported Low Product pom artifactid quartz Highest Product pom groupid org.quartz-scheduler Highest Product pom name quartz High Product pom parent-artifactid quartz-parent Medium Version file version 2.3.2 High Version Manifest Bundle-Version 2.3.2 High Version pom version 2.3.2 Highest
CVE-2023-39017 suppress
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
seata-all-2.0.0.jarDescription:
Seata is an easy-to-use, high-performance, java based, open source distributed transaction solution. License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/io/seata/seata-all/2.0.0/seata-all-2.0.0.jar
MD5: 5955e1597ba483cb65f7229043115420
SHA1: e72725b1c714522b0323d980fdb1c1578560d7f1
SHA256: a18d83a51d4ba6a69848ad05366aa8b830610e77d18fcf284cb5b1285a831b75
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
seata-all-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-base-seata-at@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name seata-all High Vendor jar package name io Highest Vendor jar package name seata Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest implementation-build 2023-11-20T16:10:58Z Low Vendor Manifest Implementation-Vendor Seata High Vendor Manifest specification-vendor Seata Low Vendor pom artifactid seata-all Highest Vendor pom artifactid seata-all Low Vendor pom developer email dev-seata@googlegroups.com Low Vendor pom developer id Seata Medium Vendor pom developer name Seata Medium Vendor pom groupid io.seata Highest Vendor pom name Seata All-in-one 2.0.0 High Vendor pom organization name Seata High Vendor pom organization url seata Medium Vendor pom url https://seata.io Highest Product file name seata-all High Product jar package name io Highest Product jar package name seata Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest implementation-build 2023-11-20T16:10:58Z Low Product Manifest Implementation-Title Seata All-in-one 2.0.0 High Product Manifest specification-title Seata All-in-one 2.0.0 Medium Product pom artifactid seata-all Highest Product pom developer email dev-seata@googlegroups.com Low Product pom developer id Seata Low Product pom developer name Seata Low Product pom groupid io.seata Highest Product pom name Seata All-in-one 2.0.0 High Product pom organization name Seata Low Product pom url https://seata.io Medium Product pom url seata High Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
simpleclient_httpserver-0.11.0.jarDescription:
Httpserver exposition for the simpleclient.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/prometheus/simpleclient_httpserver/0.11.0/simpleclient_httpserver-0.11.0.jar
MD5: dea83a74d906512f523a5c881d8ee5ca
SHA1: a1ae6c343a41cc9afa95117ffade7ac26a18e01d
SHA256: de2c12b90c586425b6fcb9b9a716973b2e328b421a314230f16a3060eeaeb31a
Referenced In Projects/Scopes: shardingsphere-agent-metrics-prometheus:compile shardingsphere-agent-distribution:compile simpleclient_httpserver-0.11.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-agent-metrics-prometheus@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name simpleclient_httpserver High Vendor jar package name io Highest Vendor jar package name prometheus Highest Vendor Manifest bundle-symbolicname io.prometheus.simpleclient_httpserver Medium Vendor pom artifactid simpleclient_httpserver Highest Vendor pom artifactid simpleclient_httpserver Low Vendor pom developer email brian.brazil@robustperception.io Low Vendor pom developer id brian-brazil Medium Vendor pom developer name Brian Brazil Medium Vendor pom groupid io.prometheus Highest Vendor pom name Prometheus Java Simpleclient Httpserver High Vendor pom parent-artifactid parent Low Product file name simpleclient_httpserver High Product jar package name io Highest Product jar package name prometheus Highest Product Manifest Bundle-Name Prometheus Java Simpleclient Httpserver Medium Product Manifest bundle-symbolicname io.prometheus.simpleclient_httpserver Medium Product pom artifactid simpleclient_httpserver Highest Product pom developer email brian.brazil@robustperception.io Low Product pom developer id brian-brazil Low Product pom developer name Brian Brazil Low Product pom groupid io.prometheus Highest Product pom name Prometheus Java Simpleclient Httpserver High Product pom parent-artifactid parent Medium Version file version 0.11.0 High Version Manifest Bundle-Version 0.11.0 High Version pom version 0.11.0 Highest
Related Dependencies simpleclient-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient/0.11.0/simpleclient-0.11.0.jar MD5: 8a9b3b745aa8297c76b471eae4b55417 SHA1: 76338f1eba5d216efb9342137be9353ea9268d62 SHA256: dee025612a2bec65bb813eaf6830221ded9d44733d5c90855dbdcdf559f209eb pkg:maven/io.prometheus/simpleclient@0.11.0 simpleclient_common-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient_common/0.11.0/simpleclient_common-0.11.0.jar MD5: da2c4204346e086fa54f17a5ebb39194 SHA1: 32371ed0bcf87405156ea341b1e08470668488c5 SHA256: 960e071815b21daeb86d4188a2721e01b6895b9b94f43b6e4ab8532a2e7c7441 pkg:maven/io.prometheus/simpleclient_common@0.11.0 simpleclient_hotspot-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient_hotspot/0.11.0/simpleclient_hotspot-0.11.0.jar MD5: ed777c9d7ab78c391f5bd28f2e50bfe0 SHA1: e661dfd82f75e3c45e5f45954885d2f2793f7822 SHA256: 96a349c370007786c611257bce66930a4ab749146d360098069b9a50d478b4fd pkg:maven/io.prometheus/simpleclient_hotspot@0.11.0 simpleclient_tracer_common-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient_tracer_common/0.11.0/simpleclient_tracer_common-0.11.0.jar MD5: 87caa38f2e1b088bb7393903424da21f SHA1: eb4d97795ff70c3503b617455387cb216ca75621 SHA256: c8ccd2c9f6d2a69c76a269e24576ddbc90f9a9d59d563ec70bdc9088689fb96b pkg:maven/io.prometheus/simpleclient_tracer_common@0.11.0 simpleclient_tracer_otel-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient_tracer_otel/0.11.0/simpleclient_tracer_otel-0.11.0.jar MD5: ef07568e451f28eee45e3083c79bcc3c SHA1: b3ecd4d02e9e41de9f25490c6821c282ac5b1a2b SHA256: 9eb3a7f3e429b43b679e53404cdbb56bf110a6e3ca818069c799b23de4eafeb2 pkg:maven/io.prometheus/simpleclient_tracer_otel@0.11.0 simpleclient_tracer_otel_agent-0.11.0.jarFile Path: /home/runner/.m2/repository/io/prometheus/simpleclient_tracer_otel_agent/0.11.0/simpleclient_tracer_otel_agent-0.11.0.jar MD5: 2cfb62d029f02f9fe8d5e05115e828f7 SHA1: 75ba2ffb19ae704d1f9fb8b8b77dc1d3eab760a1 SHA256: b6193a52797ae7ebb0d8935925c51749b523f7b291124c00e8eadd8319ae41e4 pkg:maven/io.prometheus/simpleclient_tracer_otel_agent@0.11.0 sketches-core-0.9.0.jar slf4j-api-1.7.36.jar slf4j-log4j12-1.7.25.jarDescription:
SLF4J LOG4J-12 Binding File Path: /home/runner/.m2/repository/org/slf4j/slf4j-log4j12/1.7.25/slf4j-log4j12-1.7.25.jarMD5: 7f16ba3b1ab6a781c3f6887eae7b608dSHA1: 110cefe2df103412849d72ef7a67e4e91e4266b4SHA256: ddb343954deb6f046f862606c534178730c02ed23d0b7f6ca1012c1e3fa74273Referenced In Project/Scope: shardingsphere-proxy-backend-hbase:compileslf4j-log4j12-1.7.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hbase/hbase-shaded-client@1.7.1
Evidence Type Source Name Value Confidence Vendor file name slf4j-log4j12 High Vendor jar package name log4j Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.log4j12 Medium Vendor pom artifactid slf4j-log4j12 Highest Vendor pom artifactid slf4j-log4j12 Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J LOG4J-12 Binding High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-log4j12 High Product jar package name log4j Highest Product jar package name slf4j Highest Product Manifest Bundle-Name slf4j-log4j12 Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.log4j12 Medium Product Manifest Implementation-Title slf4j-log4j12 High Product pom artifactid slf4j-log4j12 Highest Product pom groupid org.slf4j Highest Product pom name SLF4J LOG4J-12 Binding High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.25 High Version Manifest Bundle-Version 1.7.25 High Version Manifest Implementation-Version 1.7.25 High Version pom version 1.7.25 Highest
snakeyaml-2.2.jar snappy-java-1.1.1.3.jarDescription:
snappy-java: A fast compression/decompression library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.1.3/snappy-java-1.1.1.3.jar
MD5: a73387268491e264935ea46e49011ed0
SHA1: fbd7b0b8400ebd0d6a2c61493f39530a93d9c4b6
SHA256: 4882736281544083b7d140d03b7346b9ecda834df886561ad3eae25375034592
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
snappy-java-1.1.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name snappy-java High Vendor jar package name snappy Highest Vendor jar package name xerial Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl http://www.xerial.org/ Low Vendor Manifest bundle-nativecode org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x86-64,org/xerial/snappy/native/Windows/x86/snappyjava.dll;osname=win32;processor=x86,org/xerial/snappy/native/Mac/x86/libsnappyjava.jnilib;osname=macosx;processor=x86,org/xerial/snappy/native/Mac/x86_64/libsnappyjava.jnilib;osname=macosx;processor=x86-64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x86-64,org/xerial/snappy/native/Linux/x86/libsnappyjava.so;osname=linux;processor=x86,org/xerial/snappy/native/Linux/arm/libsnappyjava.so;osname=linux;processor=arm,org/xerial/snappy/native/Linux/ppc64/libsnappyjava.so;osname=linux;processor=ppc64,org/xerial/snappy/native/Linux/ppc64le/libsnappyjava.so;osname=linux;processor=ppc64le,org/xerial/snappy/native/AIX/ppc64/libsnappyjava.a;osname=aix;processor=ppc64,org/xerial/snappy/native/SunOS/x86/libsnappyjava.so;osname=sunos;processor=x86,org/xerial/snappy/native/SunOS/x86_64/libsnappyjava.so;osname=sunos;processor=x86-64,org/xerial/snappy/native/SunOS/sparc/libsnappyjava.so;osname=sunos;processor=sparc Low Vendor Manifest bundle-symbolicname org.xerial.snappy.snappy-java Medium Vendor pom artifactid snappy-java Highest Vendor pom artifactid snappy-java Low Vendor pom developer email leo@xerial.org Low Vendor pom developer id leo Medium Vendor pom developer name Taro L. Saito Medium Vendor pom developer org Xerial Project Medium Vendor pom groupid org.xerial.snappy Highest Vendor pom name snappy-java High Vendor pom organization name xerial.org High Vendor pom url https://github.comm/xerial/snappy-java Highest Product file name snappy-java High Product jar package name snappy Highest Product jar package name xerial Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl http://www.xerial.org/ Low Product Manifest Bundle-Name snappy-java: A fast compression/decompression library Medium Product Manifest bundle-nativecode org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x86-64,org/xerial/snappy/native/Windows/x86/snappyjava.dll;osname=win32;processor=x86,org/xerial/snappy/native/Mac/x86/libsnappyjava.jnilib;osname=macosx;processor=x86,org/xerial/snappy/native/Mac/x86_64/libsnappyjava.jnilib;osname=macosx;processor=x86-64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x86-64,org/xerial/snappy/native/Linux/x86/libsnappyjava.so;osname=linux;processor=x86,org/xerial/snappy/native/Linux/arm/libsnappyjava.so;osname=linux;processor=arm,org/xerial/snappy/native/Linux/ppc64/libsnappyjava.so;osname=linux;processor=ppc64,org/xerial/snappy/native/Linux/ppc64le/libsnappyjava.so;osname=linux;processor=ppc64le,org/xerial/snappy/native/AIX/ppc64/libsnappyjava.a;osname=aix;processor=ppc64,org/xerial/snappy/native/SunOS/x86/libsnappyjava.so;osname=sunos;processor=x86,org/xerial/snappy/native/SunOS/x86_64/libsnappyjava.so;osname=sunos;processor=x86-64,org/xerial/snappy/native/SunOS/sparc/libsnappyjava.so;osname=sunos;processor=sparc Low Product Manifest bundle-symbolicname org.xerial.snappy.snappy-java Medium Product pom artifactid snappy-java Highest Product pom developer email leo@xerial.org Low Product pom developer id leo Low Product pom developer name Taro L. Saito Low Product pom developer org Xerial Project Low Product pom groupid org.xerial.snappy Highest Product pom name snappy-java High Product pom organization name xerial.org Low Product pom url https://github.comm/xerial/snappy-java Medium Version file version 1.1.1.3 High Version Manifest Bundle-Version 1.1.1.3 High Version pom version 1.1.1.3 Highest
CVE-2023-34453 suppress
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.
The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`.
The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.
Version 1.1.10.1 contains a patch for this vulnerability. CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-34454 suppress
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.
The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.
Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.
Since the maxCompressedLength function treats the length as an unsigned integer, it doesn���t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.
The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won���t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.
Version 1.1.10.1 contains a patch for this issue. CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-34455 suppress
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.
The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn���t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.
In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn���t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.
Version 1.1.10.1 contains a patch for this issue. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2023-43642 suppress
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
security-advisories@github.com - EXPLOIT security-advisories@github.com - PATCH Vulnerable Software & Versions:
snappy-java-1.1.1.3.jar: snappyjava.dllFile Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.1.3/snappy-java-1.1.1.3.jar/org/xerial/snappy/native/Windows/x86/snappyjava.dllMD5: c35f7d232d05fd0b8440153cb4224a5aSHA1: 45b5f3fdd2bac156b8d100ce2c29ac7126454fefSHA256: 15fb95c2168bb78cf94f61bbff7fc0bb5611db9d8509dd1322a40d735c3109bcReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name snappyjava High Product file name snappyjava High
snappy-java-1.1.1.3.jar: snappyjava.dllFile Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.1.3/snappy-java-1.1.1.3.jar/org/xerial/snappy/native/Windows/x86_64/snappyjava.dllMD5: eae816277d795d3397f08ad43d236576SHA1: 283068f6b5cd8bb3449867558624fe19c432d909SHA256: dfcc13605edabf70e7bec87f68bc2a1c7d06bebecd72a0d4e122eee2e695948eReferenced In Project/Scope: shardingsphere-infra-database-hive:provided
Evidence Type Source Name Value Confidence Vendor file name snappyjava High Product file name snappyjava High
spring-core-5.3.20.jarDescription:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.20/spring-core-5.3.20.jar
MD5: 2716746463c37172898010391db93ef2
SHA1: 4b88aa3c401ede3d6c8ac78ea0c646cf326ec24b
SHA256: 42d70d78b8822601a3b61c88dadf4be6a0021dde169a772c3fd4a6b8b2b61c90
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
spring-core-5.3.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.20 High Version Manifest Implementation-Version 5.3.20 High Version pom version 5.3.20 Highest
Related Dependencies spring-aop-5.3.20.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.3.20/spring-aop-5.3.20.jar MD5: 588d64fb912ed0c637e55c0878c18c4f SHA1: c82f17997ab18ecafa8d08ce34a7c7aa4a04ef9e SHA256: 00c680bef629e09f0d5fec1fe872452d9e18a14435faaaf284e51b3b1fb77e19 pkg:maven/org.springframework/spring-aop@5.3.20 spring-beans-5.3.20.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.3.20/spring-beans-5.3.20.jar MD5: 53515694bf34d29522adf7c9e8b5164c SHA1: 0ab88bd9e3a8307f5c0516c15d295c88ec318659 SHA256: 940dc731aedb1b194ab6db0e879437adb9f7c14af825dfa7596ccd3d69bba7e8 pkg:maven/org.springframework/spring-beans@5.3.20 spring-context-5.3.20.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/5.3.20/spring-context-5.3.20.jar MD5: f54a37b6c4b217cdb0482b286ccf0bf0 SHA1: 517a42165221ea944c8b794154c10b69c0128281 SHA256: 2b5405c2baeab005300713bfd2ffad228b9cccf4dc8c8f757897831278362eee pkg:maven/org.springframework/spring-context@5.3.20 spring-expression-5.3.20.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.20/spring-expression-5.3.20.jar MD5: b37937ea560f8801a31217b93484681f SHA1: 20e179f0dfabf0a46428f22c2150c9c4850fd15d SHA256: 6238aa974f63cd0f92da31446d4abd3fb69496785624cd02c5adaea703b0c5c7 pkg:maven/org.springframework/spring-expression@5.3.20 spring-jcl-5.3.20.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/5.3.20/spring-jcl-5.3.20.jar MD5: 5960098d2253e57c262e243b996de56f SHA1: 35119231d09863699567ce579c21512ddcbc5407 SHA256: fb6c6bf524b19a03103812e0104eaf0bcbc178ae8f425db8b547963b13483e28 pkg:maven/org.springframework/spring-jcl@5.3.20 CVE-2023-20860 suppress
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-web-5.3.20.jarDescription:
Spring Web License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.20/spring-web-5.3.20.jar
MD5: 25d3b11e5febb6c3d06a68b8e07a7e2f
SHA1: 3c2fe9363760d62d5b7c9f087bb4255e3377a0b2
SHA256: d6db8d7a8239a0403f4fc2066b765f5209e1b14af58b5bb8215482188ef640bc
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
spring-web-5.3.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.20 High Version Manifest Implementation-Version 5.3.20 High Version pom version 5.3.20 Highest
CVE-2016-1000027 suppress
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2024-22243 (OSSINDEX) suppress
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (8.100000381469727) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.20:*:*:*:*:*:*:* CVE-2024-22262 (OSSINDEX) suppress
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
CWE-20 Improper Input Validation
CVSSv3:
Base Score: HIGH (8.100000381469727) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-web:5.3.20:*:*:*:*:*:*:* CVE-2023-20860 suppress
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-webmvc-5.3.20.jarDescription:
Spring Web MVC License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.20/spring-webmvc-5.3.20.jar
MD5: 136b8022b6ffda56891422bda4c008a9
SHA1: 8ac1b72a1f5c41fdc2cb3340cd94f795af260301
SHA256: c48ed223170af7efc363e6ee917e25448b5a6015b36dff3bc4e685858179c89c
Referenced In Project/Scope: shardingsphere-transaction-base-seata-at:provided
spring-webmvc-5.3.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.seata/seata-all@2.0.0
Evidence Type Source Name Value Confidence Vendor file name spring-webmvc High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name mvc Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.webmvc Medium Vendor pom artifactid spring-webmvc Highest Vendor pom artifactid spring-webmvc Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web MVC High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-webmvc High Product hint analyzer product springsource_spring_framework Highest Product jar package name mvc Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.webmvc Medium Product Manifest Implementation-Title spring-webmvc High Product pom artifactid spring-webmvc Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web MVC High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.20 High Version Manifest Implementation-Version 5.3.20 High Version pom version 5.3.20 Highest
CVE-2023-20860 suppress
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
stax-api-1.0-2.jarDescription:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html File Path: /home/runner/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256: e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
stax-api-1.0-2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name stax-api High Vendor jar package name javax Highest Vendor jar package name javax Low Vendor jar package name stream Highest Vendor jar package name stream Low Vendor jar package name xml Highest Vendor jar package name xml Low Vendor pom artifactid stax-api Highest Vendor pom artifactid stax-api Low Vendor pom groupid javax.xml.stream Highest Vendor pom name Streaming API for XML High Product file name stax-api High Product jar package name javax Highest Product jar package name stream Highest Product jar package name stream Low Product jar package name xml Highest Product jar package name xml Low Product pom artifactid stax-api Highest Product pom groupid javax.xml.stream Highest Product pom name Streaming API for XML High Version pom version 1.0-2 Highest
stax2-api-4.2.1.jarDescription:
tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/runner/.m2/repository/org/codehaus/woodstox/stax2-api/4.2.1/stax2-api-4.2.1.jar
MD5: af8377bc7882332e22456616a9f164f6
SHA1: a3f7325c52240418c2ba257b103c3c550e140c83
SHA256: 678567e48b51a42c65c699f266539ad3d676d4b1a5b0ad7d89ece8b9d5772579
Referenced In Projects/Scopes: shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-jdbc:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile stax2-api-4.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.16.1 pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name stax2-api High Vendor jar package name codehaus Highest Vendor jar package name stax2 Highest Vendor jar package name typed Highest Vendor jar package name validation Highest Vendor Manifest automatic-module-name org.codehaus.stax2 Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Vendor Manifest bundle-symbolicname stax2-api Medium Vendor Manifest implementation-build-date 2020-05-14 04:15:18+0000 Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor Manifest Implementation-Vendor-Id org.codehaus.woodstox Medium Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid stax2-api Highest Vendor pom artifactid stax2-api Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id tatu Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Stax2 API High Vendor pom organization name fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom url http://github.com/FasterXML/stax2-api Highest Product file name stax2-api High Product jar package name codehaus Highest Product jar package name stax2 Highest Product jar package name typed Highest Product jar package name validation Highest Product Manifest automatic-module-name org.codehaus.stax2 Medium Product Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Product Manifest Bundle-Name Stax2 API Medium Product Manifest bundle-symbolicname stax2-api Medium Product Manifest implementation-build-date 2020-05-14 04:15:18+0000 Low Product Manifest Implementation-Title Stax2 API High Product Manifest specification-title Stax2 API Medium Product pom artifactid stax2-api Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id tatu Low Product pom developer name Tatu Saloranta Low Product pom groupid org.codehaus.woodstox Highest Product pom name Stax2 API High Product pom organization name fasterxml.com Low Product pom organization url http://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom parent-groupid com.fasterxml Medium Product pom url http://github.com/FasterXML/stax2-api Medium Version file version 4.2.1 High Version Manifest Bundle-Version 4.2.1 High Version Manifest Implementation-Version 4.2.1 High Version pom parent-version 4.2.1 Low Version pom version 4.2.1 Highest
taglibs-standard-impl-1.2.5.jarDescription:
An implementation of the JSP Standard Tag Library (JSTL).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/taglibs/taglibs-standard-impl/1.2.5/taglibs-standard-impl-1.2.5.jar
MD5: 8e5c8db242fbef3db1acfcbb3bc8ec8b
SHA1: 9b9783ccb2a323383e6e20e36d368f8997b71967
SHA256: d075cb77d94e2d115b4d90a897b57d65cc31ed8e1b95d65361da324642705728
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
taglibs-standard-impl-1.2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name taglibs-standard-impl High Vendor jar package name apache Highest Vendor jar package name standard Highest Vendor jar package name tag Highest Vendor jar package name taglibs Highest Vendor Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.5/taglibs-standard-impl Low Vendor Manifest bundle-symbolicname org.apache.taglibs.standard-impl Medium Vendor pom artifactid taglibs-standard-impl Highest Vendor pom artifactid taglibs-standard-impl Low Vendor pom developer name Bjorn Townsend Medium Vendor pom developer name Dmitri Plotnikov Medium Vendor pom developer name Felipe Leme Medium Vendor pom developer name Glenn Nielsen Medium Vendor pom developer name Hans Bergsten Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jan Luehe Medium Vendor pom developer name Justyna Horwat Medium Vendor pom developer name Mark Kolb Medium Vendor pom developer name Nathan Abramson Medium Vendor pom developer name Pierre Delisle Medium Vendor pom developer name Scott Hasse Medium Vendor pom developer name Shawn Bayern Medium Vendor pom groupid org.apache.taglibs Highest Vendor pom name Apache Standard Taglib Implementation High Vendor pom parent-artifactid taglibs-standard Low Product file name taglibs-standard-impl High Product jar package name apache Highest Product jar package name standard Highest Product jar package name tag Highest Product jar package name taglibs Highest Product Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.5/taglibs-standard-impl Low Product Manifest Bundle-Name Apache Standard Taglib Implementation Medium Product Manifest bundle-symbolicname org.apache.taglibs.standard-impl Medium Product Manifest Implementation-Title Apache Standard Taglib Implementation High Product pom artifactid taglibs-standard-impl Highest Product pom developer name Bjorn Townsend Low Product pom developer name Dmitri Plotnikov Low Product pom developer name Felipe Leme Low Product pom developer name Glenn Nielsen Low Product pom developer name Hans Bergsten Low Product pom developer name Henri Yandell Low Product pom developer name Jan Luehe Low Product pom developer name Justyna Horwat Low Product pom developer name Mark Kolb Low Product pom developer name Nathan Abramson Low Product pom developer name Pierre Delisle Low Product pom developer name Scott Hasse Low Product pom developer name Shawn Bayern Low Product pom groupid org.apache.taglibs Highest Product pom name Apache Standard Taglib Implementation High Product pom parent-artifactid taglibs-standard Medium Version file version 1.2.5 High Version Manifest Bundle-Version 1.2.5 High Version Manifest Implementation-Version 1.2.5 High Version pom version 1.2.5 Highest
Related Dependencies jetty-runner-9.3.20.v20170531.jar (shaded: org.apache.taglibs:taglibs-standard-spec:1.2.5)File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-runner/9.3.20.v20170531/jetty-runner-9.3.20.v20170531.jar/META-INF/maven/org.apache.taglibs/taglibs-standard-spec/pom.xml MD5: 2a3df2a82b3bd6de008763fcd87ed10c SHA1: 6e5f587dbddfa61aea4d40261f0ac87382e307b5 SHA256: a96c44bd2430ff9d437dec0d1fdb91fd9e9435133372f85651987a6006523569 pkg:maven/org.apache.taglibs/taglibs-standard-spec@1.2.5 taglibs-standard-spec-1.2.5.jarFile Path: /home/runner/.m2/repository/org/apache/taglibs/taglibs-standard-spec/1.2.5/taglibs-standard-spec-1.2.5.jar MD5: 671c434560d04e8f06aac02a413d11e4 SHA1: c3bb98c30f75fef1e229d1d03cf8457de22f1ba0 SHA256: 81a195f8acab3f072fe4d6c279b7c29575bcac49081076e3d08bbda829275189 pkg:maven/org.apache.taglibs/taglibs-standard-spec@1.2.5 transactions-6.0.0.jarFile Path: /home/runner/.m2/repository/com/atomikos/transactions/6.0.0/transactions-6.0.0.jarMD5: 99686abff350ee58af026cdfa1179732SHA1: 296b7fa6c12b4e9197f202e31ebc974c3b05a1edSHA256: e8d120f05f01a0422cdd059f89ea161034a670935215a29b41846e2bfbdf8b0cReferenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile transactions-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name transactions High Vendor jar package name atomikos Highest Vendor jar package name atomikos Low Vendor jar package name icatch Low Vendor jar package name imp Low Vendor pom artifactid transactions Highest Vendor pom artifactid transactions Low Vendor pom groupid com.atomikos Highest Vendor pom name Transactions Core High Vendor pom parent-artifactid ate Low Product file name transactions High Product jar package name atomikos Highest Product jar package name icatch Low Product jar package name imp Low Product pom artifactid transactions Highest Product pom groupid com.atomikos Highest Product pom name Transactions Core High Product pom parent-artifactid ate Medium Version file version 6.0.0 High Version pom version 6.0.0 Highest
transactions-api-6.0.0.jarFile Path: /home/runner/.m2/repository/com/atomikos/transactions-api/6.0.0/transactions-api-6.0.0.jarMD5: bce16b9f9a32a24fe76e3bd56258f772SHA1: cc1eb60b1a86f38cdaeea9665b55ed2549b691abSHA256: 6776b034aad83b2eeb2771eeb7cb4d346c9b22f76f063788ac225818cbf9983bReferenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile transactions-api-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/com.atomikos/transactions@6.0.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/com.atomikos/transactions@6.0.0 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name transactions-api High Vendor jar package name atomikos Highest Vendor jar package name atomikos Low Vendor jar package name icatch Low Vendor pom artifactid transactions-api Highest Vendor pom artifactid transactions-api Low Vendor pom groupid com.atomikos Highest Vendor pom name Transactions API High Vendor pom parent-artifactid ate Low Product file name transactions-api High Product jar package name atomikos Highest Product jar package name icatch Low Product pom artifactid transactions-api Highest Product pom groupid com.atomikos Highest Product pom name Transactions API High Product pom parent-artifactid ate Medium Version file version 6.0.0 High Version pom version 6.0.0 Highest
transactions-jdbc-6.0.0.jarFile Path: /home/runner/.m2/repository/com/atomikos/transactions-jdbc/6.0.0/transactions-jdbc-6.0.0.jarMD5: 478ed95e2906c200815a2b093772d062SHA1: 0ec2c0c770e028bc9810f25c7c48932dde001242SHA256: cc9c173f797689a7206d36eccfa733ce58bf98e46cc5816993a03a4799cf0608Referenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile transactions-jdbc-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name transactions-jdbc High Vendor jar package name atomikos Highest Vendor jar package name atomikos Low Vendor jar package name internal Low Vendor jar package name jdbc Highest Vendor jar package name jdbc Low Vendor pom artifactid transactions-jdbc Highest Vendor pom artifactid transactions-jdbc Low Vendor pom groupid com.atomikos Highest Vendor pom name Transactions JDBC High Vendor pom parent-artifactid ate Low Product file name transactions-jdbc High Product jar package name atomikos Highest Product jar package name internal Low Product jar package name jdbc Highest Product jar package name jdbc Low Product pom artifactid transactions-jdbc Highest Product pom groupid com.atomikos Highest Product pom name Transactions JDBC High Product pom parent-artifactid ate Medium Version file version 6.0.0 High Version pom version 6.0.0 Highest
transactions-jta-6.0.0.jarFile Path: /home/runner/.m2/repository/com/atomikos/transactions-jta/6.0.0/transactions-jta-6.0.0.jarMD5: 6458dde6359aab279a939cbd55d380abSHA1: a6cec70d4a7eb32e28762da32881b48d86124ff2SHA256: ef03d2ae1f9337ca4aadba0f464a9ed12f6dd0ae16da231e8e3cd1329b19cf97Referenced In Projects/Scopes:
shardingsphere-proxy-backend-opengauss:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-agent-metrics-core:provided shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-env:compile shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-agent-plugin-logging:provided shardingsphere-proxy-backend-core:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-proxy-frontend-postgresql:compile shardingsphere-transaction-xa-atomikos:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-transaction-xa-core:compile shardingsphere-agent-tracing-type:provided shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-proxy-backend-mysql:compile shardingsphere-test-e2e-pipeline:compile transactions-jta-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-transaction@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-atomikos@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-transaction-xa-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name transactions-jta High Vendor jar package name atomikos Highest Vendor jar package name atomikos Low Vendor jar package name datasource Low Vendor jar package name jta Highest Vendor pom artifactid transactions-jta Highest Vendor pom artifactid transactions-jta Low Vendor pom groupid com.atomikos Highest Vendor pom name Transactions JTA High Vendor pom parent-artifactid ate Low Product file name transactions-jta High Product jar package name atomikos Highest Product jar package name datasource Low Product jar package name jta Highest Product pom artifactid transactions-jta Highest Product pom groupid com.atomikos Highest Product pom name Transactions JTA High Product pom parent-artifactid ate Medium Version file version 6.0.0 High Version pom version 6.0.0 Highest
transmittable-thread-local-2.14.2.jar (shaded: org.javassist:javassist:3.29.2-GA) transmittable-thread-local-2.14.2.jar txw2-2.3.9.jarDescription:
TXW is a library that allows you to write XML documents.
File Path: /home/runner/.m2/repository/org/glassfish/jaxb/txw2/2.3.9/txw2-2.3.9.jarMD5: 5db04c7917b3c0a07862a7e63bfc1581SHA1: 13a78453a89bf7d268382a520cba4d5435c5adfcSHA256: 973018b87af911ecf6e6d861dd0d6a477e4d8ae6a883ec5d073d3df1330b87f0Referenced In Projects/Scopes:
shardingsphere-test-fixture-database:compile shardingsphere-test-it-parser:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-test-it:compile shardingsphere-test-util:compile shardingsphere-test-e2e-agent-plugins-logging:compile shardingsphere-test-e2e-sql:compile shardingsphere-test-e2e-agent-plugins:compile shardingsphere-test-e2e-operation:compile shardingsphere-test-it-yaml:compile shardingsphere-test-fixture:compile shardingsphere-test-e2e-agent-plugins-tracing:compile shardingsphere-test-fixture-infra:compile shardingsphere-test-e2e-env:compile shardingsphere-test:compile shardingsphere-test-e2e-fixture:compile shardingsphere-test-it-optimizer:compile shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-test-it-pipeline:compile shardingsphere-test-e2e-showprocesslist:compile shardingsphere-test-native:compile shardingsphere-test-e2e-transaction:compile shardingsphere-test-e2e:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-test-e2e-agent:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-test-it-rewriter:compile shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-test-e2e-agent-plugins-metrics:compile shardingsphere-test-e2e-pipeline:compile txw2-2.3.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 Evidence Type Source Name Value Confidence Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name txw Highest Vendor jar package name txw2 Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision 143ffd0 Low Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor pom artifactid txw2 Highest Vendor pom artifactid txw2 Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor pom url https://eclipse-ee4j.github.io/jaxb-ri/ Highest Product file name txw2 High Product jar package name sun Highest Product jar package name txw Highest Product jar package name txw2 Highest Product jar package name xml Highest Product Manifest git-revision 143ffd0 Low Product Manifest Implementation-Title Jakarta XML Binding Implementation High Product Manifest specification-title Jakarta XML Binding Medium Product pom artifactid txw2 Highest Product pom groupid org.glassfish.jaxb Highest Product pom name TXW2 Runtime High Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product pom url https://eclipse-ee4j.github.io/jaxb-ri/ Medium Version file version 2.3.9 High Version Manifest build-id 2.3.9 Medium Version Manifest Implementation-Version 2.3.9 High Version Manifest major-version 2.3.9 Medium Version pom version 2.3.9 Highest
uzaygezen-core-0.2.jar validation-api-1.1.0.Final.jarDescription:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
validation-api-1.1.0.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name validation-api High Vendor jar package name javax Highest Vendor jar package name validation Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Vendor pom artifactid validation-api Highest Vendor pom artifactid validation-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email gunnar@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer id emmanuelbernard Medium Vendor pom developer id epbernard Medium Vendor pom developer id gunnar.morling Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Gunnar Morling Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer org JBoss, by Red Hat Medium Vendor pom groupid javax.validation Highest Vendor pom name Bean Validation API High Vendor pom url http://beanvalidation.org Highest Product file name validation-api High Product jar package name javax Highest Product jar package name validation Highest Product Manifest Bundle-Name Bean Validation API Medium Product Manifest bundle-symbolicname javax.validation.api Medium Product pom artifactid validation-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email gunnar@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer id emmanuelbernard Low Product pom developer id epbernard Low Product pom developer id gunnar.morling Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Gunnar Morling Low Product pom developer name Hardy Ferentschik Low Product pom developer org JBoss, by Red Hat Low Product pom groupid javax.validation Highest Product pom name Bean Validation API High Product pom url http://beanvalidation.org Medium Version Manifest Bundle-Version 1.1.0.Final High Version pom version 1.1.0.Final Highest
value-2.9.3.jarDescription:
Compile time annotations and compile time annotation processor to generate consistent value object using
either abstract class, interface or annotation as a base. File Path: /home/runner/.m2/repository/org/immutables/value/2.9.3/value-2.9.3.jarMD5: 8d5104cfda4a55244f876a4ca5bb041fSHA1: fa64592ea2e7559ef406593904c10ef2cca1f36eSHA256: d16b7cc04f50217b495c44a783424d68dbe7cb1bc8f71bff230d55f48b997585Referenced In Project/Scope: shardingsphere-sql-federation-optimizer:providedvalue-2.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-sql-federation-optimizer@5.5.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name value High Vendor jar package name immutables Highest Vendor jar package name processor Highest Vendor jar package name value Highest Vendor Manifest automatic-module-name org.immutables.value Medium Vendor pom artifactid value Highest Vendor pom artifactid value Low Vendor pom groupid org.immutables Highest Vendor pom name ${project.groupId}.${project.artifactId} High Vendor pom parent-artifactid immutables Low Product file name value High Product jar package name immutables Highest Product jar package name processor Highest Product jar package name value Highest Product Manifest automatic-module-name org.immutables.value Medium Product pom artifactid value Highest Product pom groupid org.immutables Highest Product pom name ${project.groupId}.${project.artifactId} High Product pom parent-artifactid immutables Medium Version file version 2.9.3 High Version pom version 2.9.3 Highest
websocket-api-9.3.20.v20170531.jarDescription:
Jetty module for Jetty :: Websocket :: API License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/websocket/websocket-api/9.3.20.v20170531/websocket-api-9.3.20.v20170531.jar
MD5: e70cd52e9b48a30088c18c4ef1dc203f
SHA1: c787782c5acbf916dc05277c98f5e9a76497eb32
SHA256: d49e5e5c9c199c016c02a8d973cb72e9cfbb4cdaaa72f79cdf52cd8204487e56
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
websocket-api-9.3.20.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name websocket-api High Vendor jar package name api Highest Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name websocket Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.websocket.api Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid websocket-api Highest Vendor pom artifactid websocket-api Low Vendor pom groupid org.eclipse.jetty.websocket Highest Vendor pom name Jetty :: Websocket :: API High Vendor pom parent-artifactid websocket-parent Low Product file name websocket-api High Product jar package name api Highest Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name websocket Highest Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Jetty :: Websocket :: API Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.websocket.api Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid websocket-api Highest Product pom groupid org.eclipse.jetty.websocket Highest Product pom name Jetty :: Websocket :: API High Product pom parent-artifactid websocket-parent Medium Version file version 9.3.20.v20170531 High Version Manifest Bundle-Version 9.3.20.v20170531 High Version Manifest Implementation-Version 9.3.20.v20170531 High Version pom version 9.3.20.v20170531 Highest
websocket-server-9.3.20.v20170531.jarDescription:
Jetty module for Jetty :: Websocket :: Server License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/websocket/websocket-server/9.3.20.v20170531/websocket-server-9.3.20.v20170531.jar
MD5: cb75277527409ba3530554a773c2dc95
SHA1: bd02308e72e73f60f3b313e831b18a899c04658e
SHA256: c75dca33532f9884e044dfa2e3772a23dc91bfdfe3db9676c2ccf03ca12eba7d
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
websocket-server-9.3.20.v20170531.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name websocket-server High Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name server Highest Vendor jar package name websocket Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.websocket.server Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom artifactid websocket-server Highest Vendor pom artifactid websocket-server Low Vendor pom groupid org.eclipse.jetty.websocket Highest Vendor pom name Jetty :: Websocket :: Server High Vendor pom parent-artifactid websocket-parent Low Product file name websocket-server High Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name server Highest Product jar package name websocket Highest Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest Bundle-Name Jetty :: Websocket :: Server Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest bundle-symbolicname org.eclipse.jetty.websocket.server Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom artifactid websocket-server Highest Product pom groupid org.eclipse.jetty.websocket Highest Product pom name Jetty :: Websocket :: Server High Product pom parent-artifactid websocket-parent Medium Version file version 9.3.20.v20170531 High Version Manifest Bundle-Version 9.3.20.v20170531 High Version Manifest Implementation-Version 9.3.20.v20170531 High Version pom version 9.3.20.v20170531 Highest
Related Dependencies websocket-client-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/websocket/websocket-client/9.3.20.v20170531/websocket-client-9.3.20.v20170531.jar MD5: c6d47810c8af9f3a54da1cc70cceabf4 SHA1: 6c9593d964eee588c3ecc4c7259873cc9f9be0fc SHA256: b2ffa5a2f4440c8c266b643aeea37571d7c9062f9bdb6d3fd7e4d91277b7522d pkg:maven/org.eclipse.jetty.websocket/websocket-client@9.3.20.v20170531 websocket-common-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/websocket/websocket-common/9.3.20.v20170531/websocket-common-9.3.20.v20170531.jar MD5: ffadb7dad9d4c2a7518628a6be929ab7 SHA1: c6e21ead086899894d17789b111162fe682c1741 SHA256: c6d42bbd4e78d03017b4b9cc50a63b87ea1ea705404e3e441643c97ade173f2e pkg:maven/org.eclipse.jetty.websocket/websocket-common@9.3.20.v20170531 websocket-servlet-9.3.20.v20170531.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/websocket/websocket-servlet/9.3.20.v20170531/websocket-servlet-9.3.20.v20170531.jar MD5: a8b3bf064bdec7be1080bd96369dc4ec SHA1: 57893242e63bffc425200e74651a913ac6d0ec58 SHA256: c07acd6c1d6bc28d7d84bee09e7b8349cd088572499c283d9233fc652588f311 pkg:maven/org.eclipse.jetty.websocket/websocket-servlet@9.3.20.v20170531 CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12545 suppress
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28165 suppress
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE-400 Uncontrolled Resource Consumption, CWE-755 Improper Handling of Exceptional Conditions, CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36478 suppress
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. CWE-400 Uncontrolled Resource Consumption, CWE-190 Integer Overflow or Wraparound
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2019-10241 suppress
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2018-12536 suppress
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. CWE-209 Generation of Error Message Containing Sensitive Information, NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2019-10247 suppress
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CWE-213 Exposure of Sensitive Information Due to Incompatible Policies, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-40167 suppress
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-36479 suppress
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
CWE-149 Improper Neutralization of Quoting Syntax
CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
woodstox-core-6.5.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)Description:
Unknown version of isorelax library used in JAXB project File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.1/woodstox-core-6.5.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xmlMD5: 6fbb4bc95fbf2072bc6e3b790553fe81SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13SHA256: cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1Referenced In Projects/Scopes:
shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-jdbc:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile Evidence Type Source Name Value Confidence Vendor pom artifactid isorelax Low Vendor pom groupid com.sun.xml.bind.jaxb Highest Vendor pom name JAXB isorelax library High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product pom artifactid isorelax Highest Product pom groupid com.sun.xml.bind.jaxb Highest Product pom name JAXB isorelax library High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version pom parent-version 20090621 Low Version pom version 20090621 Highest
woodstox-core-6.5.1.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)Description:
XML Schema datatypes library File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.1/woodstox-core-6.5.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xmlMD5: aaf872ed9d1aabee25e03c2a132ffd8eSHA1: 47f218a999411ed028f089d59ebef8f14e0fe914SHA256: d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3cReferenced In Projects/Scopes:
shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-jdbc:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile Evidence Type Source Name Value Confidence Vendor pom artifactid xsdlib Low Vendor pom groupid net.java.dev.msv Highest Vendor pom name MSV XML Schema Library High Vendor pom parent-artifactid msv Low Product pom artifactid xsdlib Highest Product pom groupid net.java.dev.msv Highest Product pom name MSV XML Schema Library High Product pom parent-artifactid msv Medium Version pom version 2013.6.1 Highest
woodstox-core-6.5.1.jarDescription:
Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.1/woodstox-core-6.5.1.jar
MD5: 961dd4b2afedf95293dfdd8adfc8f211
SHA1: c6e52e84fe959e69a243c83ec7d24cd889444ddf
SHA256: c928d60665c6415fb1c39775cf95cfc44f7f4580cf5ab01b1c380ebffd76887f
Referenced In Projects/Scopes: shardingsphere-agent-metrics-core:provided shardingsphere-proxy-native-distribution:compile shardingsphere-agent-tracing-core:provided shardingsphere-test-e2e-sql:compile shardingsphere-proxy-backend-hbase:compile shardingsphere-agent-logging-file:provided shardingsphere-test-e2e-fixture:compile shardingsphere-agent-plugin-core:provided shardingsphere-test-e2e-agent-plugins-zipkin:compile shardingsphere-test-e2e-driver:compile shardingsphere-agent-plugin-logging:provided shardingsphere-test-e2e-showprocesslist:compile shardingsphere-proxy-distribution:compile shardingsphere-test-e2e-transaction:compile shardingsphere-agent-metrics-type:provided shardingsphere-agent-tracing-opentelemetry:provided shardingsphere-data-pipeline-opengauss:compile shardingsphere-data-pipeline-core:compile shardingsphere-test-e2e-agent-plugins-logging-file:compile shardingsphere-jdbc-distribution:compile shardingsphere-agent-tracing-type:provided shardingsphere-test-e2e-agent-jdbc-project:compile shardingsphere-proxy-frontend-spi:compile shardingsphere-agent-plugins:provided shardingsphere-agent-plugin-tracing:provided shardingsphere-test-e2e-pipeline:compile shardingsphere-proxy-backend-opengauss:compile shardingsphere-data-pipeline-scenario-consistencycheck:compile shardingsphere-test-e2e-agent-plugins-metrics-prometheus:compile shardingsphere-test-e2e-agent-plugins-jaeger:compile shardingsphere-proxy-backend-postgresql:compile shardingsphere-agent-logging-type:provided shardingsphere-data-pipeline-cdc-core:compile shardingsphere-data-pipeline-postgresql:compile shardingsphere-test-e2e-env:compile shardingsphere-proxy-frontend-opengauss:compile shardingsphere-proxy-backend-core:compile shardingsphere-test-it-pipeline:compile shardingsphere-jdbc:compile shardingsphere-standalone-mode-repository-jdbc:compile shardingsphere-proxy-frontend-postgresql:compile shardingsphere-agent-metrics-prometheus:provided shardingsphere-proxy-frontend-mysql:compile shardingsphere-test-e2e-agent-plugins-common:compile shardingsphere-proxy-frontend-core:compile shardingsphere-proxy-bootstrap:compile shardingsphere-data-pipeline-distsql-handler:compile shardingsphere-agent-plugin-metrics:provided shardingsphere-data-pipeline-scenario-migration:compile shardingsphere-proxy-backend-mysql:compile woodstox-core-6.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-mysql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.16.1 pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-env@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-fixture@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-scenario-consistencycheck@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-standalone-mode-repository-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-frontend-postgresql@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-data-pipeline-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-backend-core@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-proxy-bootstrap@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-test-e2e-agent-plugins-common@5.5.1-SNAPSHOT pkg:maven/org.apache.shardingsphere/shardingsphere-jdbc@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name woodstox-core High Vendor jar package name stax Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Vendor Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.woodstox Medium Vendor Manifest provide-capability osgi.service;objectClass:List="javax.xml.stream.XMLEventFactory";effective:=active,osgi.service;objectClass:List="javax.xml.stream.XMLInputFactory";effective:=active,osgi.service;objectClass:List="javax.xml.stream.XMLOutputFactory";effective:=active,osgi.service;objectClass:List="org.codehaus.stax2.validation.XMLValidationSchemaFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLEventFactory";register:="com.ctc.wstx.stax.WstxEventFactory",osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLInputFactory";register:="com.ctc.wstx.stax.WstxInputFactory",osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLOutputFactory";register:="com.ctc.wstx.stax.WstxOutputFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.dtd.DTDSchemaFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.msv.RelaxNGSchemaFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.msv.W3CSchemaFactory" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid woodstox-core Highest Vendor pom artifactid woodstox-core Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id cowtowncoder Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid com.fasterxml.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom url FasterXML/woodstox Highest Product file name woodstox-core High Product jar package name dtd Highest Product jar package name dtdschemafactory Highest Product jar package name msv Highest Product jar package name osgi Highest Product jar package name relaxngschemafactory Highest Product jar package name stax Highest Product jar package name w3cschemafactory Highest Product jar package name wstx Highest Product jar package name wstxeventfactory Highest Product jar package name wstxinputfactory Highest Product jar package name wstxoutputfactory Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Product Manifest Bundle-Name Woodstox Medium Product Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Product Manifest Implementation-Title Woodstox High Product Manifest provide-capability osgi.service;objectClass:List="javax.xml.stream.XMLEventFactory";effective:=active,osgi.service;objectClass:List="javax.xml.stream.XMLInputFactory";effective:=active,osgi.service;objectClass:List="javax.xml.stream.XMLOutputFactory";effective:=active,osgi.service;objectClass:List="org.codehaus.stax2.validation.XMLValidationSchemaFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLEventFactory";register:="com.ctc.wstx.stax.WstxEventFactory",osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLInputFactory";register:="com.ctc.wstx.stax.WstxInputFactory",osgi.serviceloader;osgi.serviceloader="javax.xml.stream.XMLOutputFactory";register:="com.ctc.wstx.stax.WstxOutputFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.dtd.DTDSchemaFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.msv.RelaxNGSchemaFactory",osgi.serviceloader;osgi.serviceloader="org.codehaus.stax2.validation.XMLValidationSchemaFactory";register:="com.ctc.wstx.msv.W3CSchemaFactory" Low Product Manifest specification-title Woodstox Medium Product pom artifactid woodstox-core Highest Product pom developer email tatu@fasterxml.com Low Product pom developer id cowtowncoder Low Product pom developer name Tatu Saloranta Low Product pom groupid com.fasterxml.woodstox Highest Product pom name Woodstox High Product pom organization name FasterXML Low Product pom organization url http://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom parent-groupid com.fasterxml Medium Product pom url FasterXML/woodstox High Version file version 6.5.1 High Version Manifest Bundle-Version 6.5.1 High Version Manifest Implementation-Version 6.5.1 High Version pom parent-version 6.5.1 Low Version pom version 6.5.1 Highest
xercesImpl-2.9.1.jarDescription:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: /home/runner/.m2/repository/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jarMD5: f807f86d7d9db25edbfc782aca7ca2a9SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6SHA256: 6ae540a7c85c814ac64bea48016b3a6f45c95d4765f547fcc0053dc36c94ed5cReferenced In Project/Scope: shardingsphere-infra-database-hive:providedxercesImpl-2.9.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name xercesImpl High Vendor jar package name apache Highest Vendor jar package name parser Highest Vendor jar package name parsers Highest Vendor jar package name version Highest Vendor jar package name xerces Highest Vendor jar package name xml Highest Vendor jar package name xni Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/impl/Version.class Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xercesImpl Highest Vendor pom artifactid xercesImpl Low Vendor pom groupid xerces Highest Vendor pom name Xerces2 Java Parser High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xerces.apache.org/xerces2-j Highest Product file name xercesImpl High Product hint analyzer product xerces-j Highest Product jar package name apache Highest Product jar package name datatype Highest Product jar package name dom Highest Product jar package name impl Highest Product jar package name parser Highest Product jar package name parsers Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xerces Highest Product jar package name xml Highest Product jar package name xni Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xerces/impl/Version.class Implementation-Title org.apache.xerces.impl.Version Medium Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xercesImpl Highest Product pom groupid xerces Highest Product pom name Xerces2 Java Parser High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xerces.apache.org/xerces2-j Medium Version file version 2.9.1 High Version manifest: org/apache/xerces/impl/Version.class Implementation-Version 2.9.1 Medium Version pom parent-version 2.9.1 Low Version pom version 2.9.1 Highest
CVE-2012-0881 suppress
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. CWE-399 Resource Management Errors
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2013-4002 suppress
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (7.1) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:C References:
Vulnerable Software & Versions: (show all )
CVE-2022-23437 suppress
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: HIGH (7.1) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-10355 (OSSINDEX) suppress
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock
CVSSv3:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:xerces:xercesImpl:2.9.1:*:*:*:*:*:*:* CVE-2018-2799 suppress
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2009-2625 suppress
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P References:
OSSINDEX - [CVE-2009-2625] CWE-Other OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625 OSSIndex - http://www.codenomicon.com/labs/xml/ OSSIndex - https://bugzilla.redhat.com/show_bug.cgi?id=512921 cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK cret@cert.org - BROKEN_LINK,PATCH cret@cert.org - BROKEN_LINK,PATCH,VENDOR_ADVISORY cret@cert.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - MAILING_LIST,THIRD_PARTY_ADVISORY cret@cert.org - PATCH,VENDOR_ADVISORY cret@cert.org - PERMISSIONS_REQUIRED cret@cert.org - PERMISSIONS_REQUIRED cret@cert.org - PERMISSIONS_REQUIRED cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY cret@cert.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cret@cert.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cret@cert.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cret@cert.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cret@cert.org - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
xml-apis-1.3.04.jarDescription:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. File Path: /home/runner/.m2/repository/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jarMD5: 9ae9c29e4497fc35a3eade1e6dd0bbebSHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65efSHA256: d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64Referenced In Project/Scope: shardingsphere-infra-database-hive:providedxml-apis-1.3.04.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name xml-apis High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name sax Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xml Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xml-apis Highest Vendor pom artifactid xml-apis Low Vendor pom groupid xml-apis Highest Vendor pom name XML Commons External Components XML APIs High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/commons/components/external/ Highest Product file name xml-apis High Product jar package name apache Highest Product jar package name datatype Highest Product jar package name document Highest Product jar package name dom Highest Product jar package name javax Highest Product jar package name ls Highest Product jar package name parsers Highest Product jar package name sax Highest Product jar package name transform Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xml Highest Product jar package name xmlcommons Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title JSR 206, Java API for XML Processing 1.3 Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xml-apis Highest Product pom groupid xml-apis Highest Product pom name XML Commons External Components XML APIs High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/commons/components/external/ Medium Version file version 1.3.04 High Version manifest: javax/xml/datatype/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/parsers/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/transform/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/validation/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/xpath/ Implementation-Version 1.3.04 Medium Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.3.04 Medium Version pom parent-version 1.3.04 Low Version pom version 1.3.04 Highest
xmlenc-0.52.jarDescription:
xmlenc Library License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/runner/.m2/repository/xmlenc/xmlenc/0.52/xmlenc-0.52.jar
MD5: c962b6bc3c8de46795b0ed94851fa9c7
SHA1: d82554efbe65906d83b3d97bd7509289e9db561a
SHA256: 282ae185fc2ff27da7714af9962897c09cfefafb88072219c4a2f9c73616c026
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
xmlenc-0.52.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name xmlenc High Vendor jar package name library Highest Vendor jar package name xmlenc Highest Vendor manifest: xmlenc Implementation-Vendor Ernst de Haan Medium Vendor pom artifactid xmlenc Highest Vendor pom artifactid xmlenc Low Vendor pom groupid xmlenc Highest Vendor pom name xmlenc Library High Vendor pom url http://xmlenc.sourceforge.net Highest Product file name xmlenc High Product jar package name library Highest Product jar package name xmlenc Highest Product manifest: xmlenc Implementation-Title xmlenc Medium Product manifest: xmlenc Specification-Title xmlenc Medium Product pom artifactid xmlenc Highest Product pom groupid xmlenc Highest Product pom name xmlenc Library High Product pom url http://xmlenc.sourceforge.net Medium Version file version 0.52 High Version manifest: xmlenc Implementation-Version 0.52 Medium Version pom version 0.52 Highest
xz-1.5.jarDescription:
XZ data compression License:
Public Domain File Path: /home/runner/.m2/repository/org/tukaani/xz/1.5/xz-1.5.jar
MD5: 51050e595b308c4aec8ac314f66e18bc
SHA1: 9c64274b7dbb65288237216e3fae7877fd3f2bee
SHA256: 86f30fa8775fa3a62cdb39d1ed78a6019164c1058864048d42cbee244e26e840
Referenced In Project/Scope: shardingsphere-infra-database-hive:provided
xz-1.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.hive/hive-jdbc@3.1.3
Evidence Type Source Name Value Confidence Vendor file name xz High Vendor jar package name tukaani Highest Vendor jar package name xz Highest Vendor Manifest bundle-docurl http://tukaani.org/xz/java.html Low Vendor Manifest bundle-symbolicname org.tukaani.xz Medium Vendor Manifest implementation-url http://tukaani.org/xz/java.html Low Vendor pom artifactid xz Highest Vendor pom artifactid xz Low Vendor pom developer email lasse.collin@tukaani.org Low Vendor pom developer name Lasse Collin Medium Vendor pom groupid org.tukaani Highest Vendor pom name XZ for Java High Vendor pom url http://tukaani.org/xz/java.html Highest Product file name xz High Product jar package name tukaani Highest Product jar package name xz Highest Product Manifest bundle-docurl http://tukaani.org/xz/java.html Low Product Manifest Bundle-Name XZ data compression Medium Product Manifest bundle-symbolicname org.tukaani.xz Medium Product Manifest Implementation-Title XZ data compression High Product Manifest implementation-url http://tukaani.org/xz/java.html Low Product pom artifactid xz Highest Product pom developer email lasse.collin@tukaani.org Low Product pom developer name Lasse Collin Low Product pom groupid org.tukaani Highest Product pom name XZ for Java High Product pom url http://tukaani.org/xz/java.html Medium Version file version 1.5 High Version Manifest Bundle-Version 1.5 High Version Manifest Implementation-Version 1.5 High Version pom version 1.5 Highest
zipkin-2.23.2.jarDescription:
Zipkin (Parent) License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/zipkin/zipkin2/zipkin/2.23.2/zipkin-2.23.2.jar
MD5: ce30ac8103a89b0c8713aeaa621c2d5b
SHA1: 001c2c7f2e91a3749311f7f75d0535d14ba2e2f6
SHA256: 80358417cdf6499d84d31ad34433f46753384f183d8e2107409d7f20e9f40226
Referenced In Projects/Scopes: shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-agent-distribution:compile zipkin-2.23.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.opentelemetry/opentelemetry-exporter-zipkin@1.31.0 pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name zipkin High Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2 Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl http://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.zipkin2.zipkin Medium Vendor pom artifactid zipkin Highest Vendor pom artifactid zipkin Low Vendor pom groupid io.zipkin.zipkin2 Highest Vendor pom name Zipkin Core Library High Vendor pom parent-artifactid zipkin-parent Low Vendor pom parent-groupid io.zipkin Medium Product file name zipkin High Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2 Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl http://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Core Library Medium Product Manifest bundle-symbolicname io.zipkin.zipkin2.zipkin Medium Product pom artifactid zipkin Highest Product pom groupid io.zipkin.zipkin2 Highest Product pom name Zipkin Core Library High Product pom parent-artifactid zipkin-parent Medium Product pom parent-groupid io.zipkin Medium Version file version 2.23.2 High Version Manifest Bundle-Version 2.23.2 High Version pom version 2.23.2 Highest
zipkin-reporter-2.16.3.jarDescription:
Zipkin Reporter (Parent) License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/zipkin/reporter2/zipkin-reporter/2.16.3/zipkin-reporter-2.16.3.jar
MD5: 656ce86131f12e1e9f5c0d8c1b826ce9
SHA1: 07e43d8be3376d305c355d969e8b9f3a62221380
SHA256: e5ef2a42b910d24d554e267880828fb2e149b2ffcf6a611655fd319eea4445e7
Referenced In Projects/Scopes: shardingsphere-agent-tracing-opentelemetry:compile shardingsphere-agent-distribution:compile zipkin-reporter-2.16.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.opentelemetry/opentelemetry-exporter-zipkin@1.31.0 pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name zipkin-reporter High Vendor jar package name reporter Highest Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2.reporter Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-reporter Medium Vendor pom artifactid zipkin-reporter Highest Vendor pom artifactid zipkin-reporter Low Vendor pom groupid io.zipkin.reporter2 Highest Vendor pom name Zipkin Reporter: Core High Vendor pom parent-artifactid zipkin-reporter-parent Low Product file name zipkin-reporter High Product jar package name reporter Highest Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2.reporter Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Reporter: Core Medium Product Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-reporter Medium Product pom artifactid zipkin-reporter Highest Product pom groupid io.zipkin.reporter2 Highest Product pom name Zipkin Reporter: Core High Product pom parent-artifactid zipkin-reporter-parent Medium Version file version 2.16.3 High Version Manifest Bundle-Version 2.16.3 High Version pom version 2.16.3 Highest
zipkin-sender-okhttp3-2.16.3.jarDescription:
Zipkin Reporter (Parent) License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/zipkin/reporter2/zipkin-sender-okhttp3/2.16.3/zipkin-sender-okhttp3-2.16.3.jar
MD5: 8847e7ed4a5007afd1fd6742e806d8ce
SHA1: c98cff5bc2fa32914e613efc3cc95dde9906c01b
SHA256: 3f46afa5a25f52c15b3994612d0d91010176171d9f7c8e690579543928cbb1a8
Referenced In Projects/Scopes: shardingsphere-agent-distribution:runtime shardingsphere-agent-tracing-opentelemetry:runtime zipkin-sender-okhttp3-2.16.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.opentelemetry/opentelemetry-exporter-zipkin@1.31.0 pkg:maven/org.apache.shardingsphere/shardingsphere-agent-tracing-opentelemetry@5.5.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name zipkin-sender-okhttp3 High Vendor jar package name okhttp3 Highest Vendor jar package name reporter Highest Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2.reporter.okhttp3 Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-sender-okhttp3 Medium Vendor pom artifactid zipkin-sender-okhttp3 Highest Vendor pom artifactid zipkin-sender-okhttp3 Low Vendor pom groupid io.zipkin.reporter2 Highest Vendor pom name Zipkin Sender: OkHttp 3 High Vendor pom parent-artifactid zipkin-reporter-parent Low Product file name zipkin-sender-okhttp3 High Product jar package name okhttp3 Highest Product jar package name reporter Highest Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2.reporter.okhttp3 Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Sender: OkHttp 3 Medium Product Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-sender-okhttp3 Medium Product pom artifactid zipkin-sender-okhttp3 Highest Product pom groupid io.zipkin.reporter2 Highest Product pom name Zipkin Sender: OkHttp 3 High Product pom parent-artifactid zipkin-reporter-parent Medium Version file version 2.16.3 High Version Manifest Bundle-Version 2.16.3 High Version pom version 2.16.3 Highest
zookeeper-3.9.2.jar